> >On 17.02.08 18:10, Sam Przyswa wrote: > >>We use Squid and SquidGuard to control webmails access, that work fine, > >>but for those who use HTTPS protocole Squid/SquidGuard doesn't operate. > >>Is it a way to control HTTPS as well HTTP trafic ? > Matus UHLAR - fantomas wrote: > >no. the HTTPS traffic consists of CONNECT requests where the procy has no > >idea what URLs are being retrieved and what requests (GET/POST/...) pass > >through it - that is the 's'="secure" in the https. On 19.02.08 15:38, Marcus Kool wrote: > False. If https traffic goes via Squid, the URL can go to a redirector and > filter based on either > a) domain name > b) connect to the site and verify valid certificate That means that HTTPS traffic can be controlled in very limited way. So my answer "no" on question "Is it a way to control HTTPS as well HTTP trafic ?" is imho correct :-) However, specifying more informations can of course help... > ufdbGuard does this and successfully blocks SSH tunnels over HTTPS. > Everybody should use ufdbGuard and have one security threat less. It is > free! -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I feel like I'm diagonally parked in a parallel universe.
