Leonardo Rodrigues Magalhães wrote:
Marcus Kool escreveu:
Yes, indeed Squid *does* support P2P using HTTPS tunneling.
just to make things clear ..... squid supports connection tunneling
and not only HTTPS tunneling. A misconfigured squid can be used, for
example, by worms to send spam emails !!! worms can connect to squid
port (3128) and issues 'CONNECT' to port 25 and it will work !!!
It can tunnel, as it seems to me, any kind of TCP connection and not
only HTTPS ones.
You may use the free ufdbGuard Squid redirector to block
HTTPS tunneling.
ufdbGuard can also block HTTPS sites which have no valid certificate
VERY VERY BAD idea on the real world :)
This depend on your requirements. There are plenty security officers
who do not want a HTTPS connection to a site with a homemade certificate.
ufdbGuard offers the option to block or not ...
and sites which have no FQDN in the URL.
very GOOD idea :)
