Leonardo Rodrigues Magalhães wrote:
Marcus Kool escreveu:
Yes, indeed Squid *does* support P2P using HTTPS tunneling.
just to make things clear ..... squid supports connection tunneling
and not only HTTPS tunneling. A misconfigured squid can be used, for
example, by worms to send spam emails !!! worms can connect to squid
port (3128) and issues 'CONNECT' to port 25 and it will work !!!
It can tunnel, as it seems to me, any kind of TCP connection and not
only HTTPS ones.
You may use the free ufdbGuard Squid redirector to block
HTTPS tunneling.
ufdbGuard can also block HTTPS sites which have no valid certificate
VERY VERY BAD idea on the real world :)
and sites which have no FQDN in the URL.
very GOOD idea :)
OK thanks a lot for your "lights" , I think the easyiest way
for me would be protocol filtering done by the firewall ...
