Marcus Kool wrote:
> Mar Matthias Darin wrote:
>> Hello,
>>
>> Frank Bonnet writes:
>>> OK thanks a lot for your "lights", I think the easiest way for me would be protocol filtering done by the firewall ...
>>
>> This is also the most secure. I personally do not let squid handle the CONNECT. IMHO, this is too easy to be abused. I use a pac file that forces CONNECT to be direct access only.
>
> Hmmm. can't say that I agree with this. Of course one needs a proper firewall configured to block most ports but Squid allows you to configure "CONNECT to port 443 only". And with "going direct" one has no control, no log file for examination, and no Squid features like bandwidth management or blocking with ufdbGuard.

Yeah .... I have to agree with Marcus and disagree completely with Mar Matthias. But ... there are cases and cases. At least for me, letting squid deal with CONNECTs proved completely efficient and pretty enough for my needs. My needs are usually corporate needs, in which P2P is never wanted. I can easily block P2P with high efficiency in squid with some simple ACLs. I have also tried some other p2p-blocking things, like layer7 iptables modules and ipp2p, but I couldn't get 100% blocking with them.

--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

gertrudes@xxxxxxxxxxxxxx
My SPAMTRAP, do not email it
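
The "log file for examination" point in the thread, as an added example that is not part of any poster's message: a small audit of Squid's native access.log format that lists CONNECT requests to ports other than 443, separating tunnels Squid let through from ones it denied. The log lines, addresses and function names are constructed for illustration, and the default native log format is assumed.

```python
import re
from collections import Counter

# Constructed sample lines in Squid's native access.log format (not from the thread).
SAMPLE_LOG = """\
1189000001.101    812 192.168.1.10 TCP_MISS/200 4312 CONNECT www.example.com:443 - DIRECT/192.0.2.10 -
1189000002.202      3 192.168.1.11 TCP_DENIED/403 1402 CONNECT 198.51.100.7:6881 - NONE/- text/html
1189000003.303     95 192.168.1.10 TCP_MISS/200 9120 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1189000004.404  60211 192.168.1.12 TCP_MISS/200 88231 CONNECT 203.0.113.5:8443 - DIRECT/203.0.113.5 -
1189000005.505      2 192.168.1.11 TCP_DENIED/403 1402 CONNECT [2001:db8::1]:4662 - NONE/- text/html
"""

ALLOWED_PORTS = {443}  # the "CONNECT to port 443 only" policy mentioned in the thread

# Fields: time elapsed client action/status bytes method url ...
LINE_RE = re.compile(r"^\S+\s+\d+\s+(\S+)\s+([A-Z_]+)/(\d{3})\s+\d+\s+(\S+)\s+(\S+)")

def connect_target(url):
    """Split a CONNECT target 'host:port'; IPv6 hosts arrive bracketed."""
    host, sep, port = url.rpartition(":")
    if not sep or not port.isdigit():
        return None
    return host.strip("[]"), int(port)

def audit_connects(log_text, allowed=ALLOWED_PORTS):
    """Return (tunnelled, denied) for CONNECTs to ports outside `allowed`.

    tunnelled: list of (client, host, port) that Squid did not deny.
    denied:    Counter of denied attempts per client.
    """
    tunnelled, denied = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) != "CONNECT":
            continue
        client, action, _status, _method, url = m.groups()
        target = connect_target(url)
        if target is None or target[1] in allowed:
            continue
        if action == "TCP_DENIED":
            denied[client] += 1
        else:
            tunnelled.append((client, target[0], target[1]))
    return tunnelled, denied

if __name__ == "__main__":
    tunnelled, denied = audit_connects(SAMPLE_LOG)
    for client, host, port in tunnelled:
        print(f"tunnel allowed outside policy: {client} -> {host}:{port}")
    for client, count in denied.most_common():
        print(f"denied CONNECT attempts: {client} x{count}")
```

Entries in the first list mean the proxy ACLs permit more than port 443; repeated denials from one client point at software on that host trying to tunnel through the proxy.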