
Re: squid discussion

Amos Jeffries wrote:
> Anil Saini wrote:
>> I observed access through these addresses on port 443. When I open these
>> addresses nothing opens... I think they are some anonymous addresses using
>> tunnelling.
>>
>> 1207766913.219 695575 172.16.4.80 TCP_MISS/200 267712 CONNECT 82.94.251.204:443 - DIRECT/82.94.251.204 -
>> 1207768700.577   7319 172.16.4.80 TCP_MISS/200 2807 CONNECT 85.25.141.145:443 - DIRECT/85.25.141.145 -
>
> It's usually what a lot of P2P applications do when they are forced to go through a proxy (I see a lot of these due to students with LimeWire).
>
> BUT, that's also just how some types of software send HTTPS requests, so outlawing it altogether can cause problems.
>
> The good-guys software usually sends a domain (i.e. example.com:443).
>
> You block raw-IPs in CONNECT requests like so:
>
>   acl CONNECT method CONNECT
>   acl rawIP url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
>   http_access deny CONNECT rawIP
>
> (PS, I'm sure others can probably give you a more efficient regex here).
>
> NP: If those "172.16.4.80" are external people connecting you have a serious open-proxy security problem.

Heh. If those requests from 172.16.4.80 are external people, he might have a serious ROUTING problem (http://www.faqs.org/rfcs/rfc1918.html).

> Amos

Chris
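As an added example (not code from the thread or from the Squid project), a small Python audit of Squid's native access.log that applies the two checks raised above: CONNECT requests whose target is a raw IP literal rather than a hostname, and client addresses that fall outside RFC 1918 space. The sample log is constructed: the two lines quoted in the thread plus two made-up lines, one to a hostname and one from a non-private client.

```python
import ipaddress
import re
from dataclasses import dataclass
# Constructed sample in Squid's native access.log format: the two lines from the
# thread plus a CONNECT to a hostname and one from a non-RFC1918 client.
SAMPLE_LOG = """\
1207766913.219 695575 172.16.4.80 TCP_MISS/200 267712 CONNECT 82.94.251.204:443 - DIRECT/82.94.251.204 -
1207768700.577   7319 172.16.4.80 TCP_MISS/200 2807 CONNECT 85.25.141.145:443 - DIRECT/85.25.141.145 -
1207768800.100    210 172.16.4.81 TCP_MISS/200 5120 CONNECT example.com:443 - DIRECT/203.0.113.10 -
1207768900.400    150 198.51.100.7 TCP_MISS/200 1024 CONNECT 203.0.113.5:443 - DIRECT/203.0.113.5 -
"""
# Same idea as the url_regex ACL in the thread: a CONNECT target that is a dotted quad.
RAW_IP_TARGET = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::(\d+))?$")
# RFC 1918 checked explicitly; ipaddress.is_private also covers other special ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Finding:
    client: str
    target: str
    raw_ip_connect: bool   # CONNECT to an IP literal rather than a hostname
    external_client: bool  # client outside RFC 1918: open-proxy or routing concern

def parse_native_line(line):
    """Split one native-format line into the fields we need; None if malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    return {"client": fields[2], "method": fields[5], "url": fields[6]}

def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # an unparsable client field is not a known-internal host
    return any(ip in net for net in RFC1918)

def audit_connect(log_text):
    """Return a Finding for every CONNECT line suspicious on either count."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_native_line(line)
        if rec is None or rec["method"] != "CONNECT":
            continue
        raw_ip = RAW_IP_TARGET.match(rec["url"]) is not None
        external = not is_rfc1918(rec["client"])
        if raw_ip or external:
            findings.append(Finding(rec["client"], rec["url"], raw_ip, external))
    return findings
```

Hits from internal clients to raw IPs point at the P2P/odd-client behaviour Amos describes; a hit flagged external_client is the open-proxy or routing question Chris raises.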
