Chris Robertson wrote:
Amos Jeffries wrote:
Anil Saini wrote:
i observed accessing thru these addresses on port 443
when i open these address nothing opens...i think they are some
anonymous
addresses using tunnelling..
1207766913.219 695575 172.16.4.80 TCP_MISS/200 267712 CONNECT
82.94.251.204:443 - DIRECT/82.94.251.204 -
1207768700.577 7319 172.16.4.80 TCP_MISS/200 2807 CONNECT
85.25.141.145:443 - DIRECT/85.25.141.145 -
It's usually what a lot of P2P applications do when they are forced to
go through a proxy (I see a lot of these due to students with LimeWire).
BUT, thats also just how some types of software send HTTPS requests,
so outlawing it altogether can cause problems.
The good-guys software usually sends a domain (ie example.com:443).
You block raw-IPs in CONNECT requests like so:
acl CONNECT method CONNECT
acl rawIP url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
http_access deny CONNECT rawIP
(PS, I'm sure others can probably give you a more efficient regex here).
NP: If those "172.16.4.80" are external people connecting you have a
serious open-proxy security problem.
Heh. If those requests from 172.16.4.80 are external people, he might
have a serious ROUTING problem (http://www.faqs.org/rfcs/rfc1918.html).
ROFL. Oh cripes. I have been rather a zombie this week :-)
Amos
--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4