On Mon, Oct 13, 2008 at 01:40:06AM +0300, Ali Hardogan wrote:

> > Depending on your OS/firewall, you may have the ability to search packets for HTTP
> > traffic. But it is intensive, not foolproof and an unnecessary kludge.
>
> Right. And I cannot be using Squid for that. Instead I need to rely on
> another instance of the blacklist enforced by the OS/firewall.

I was originally thinking that you might redirect such traffic, but yes, it's impossible since the TCP session is already established when you see HTTP content. So yes, your only option is to drop traffic to bad places.

> Another approach could be to direct all port 80/3128/8080 TCP
> connections to Squid, and drop any packet that carries any HTTP
> payload through any other port. This approach relies on the assumption
> that the only HTTP traffic that uses one of those other ports is a
> proxy HTTP that is trying to "evade" the filter. How valid would this
> assumption be?

If your only option is to play hide-and-seek, then you must use such methods. Filter all by default and only open on request.
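The policy sketched in the thread (redirect the well-known proxy ports to Squid, drop anything else that carries an HTTP request, allow the rest) can be written down as a small decision function so its blind spots are visible. The following is an added example, not code from the thread or from Squid; the Squid address, the port set and the sample flows are assumptions, and the payload check models what a netfilter string/regex match would see, namely the first client bytes after the handshake, which is why a match on a non-proxy port can only drop, never redirect.

```python
import re
from dataclasses import dataclass

# Assumed deployment values (not from the thread): Squid intercepts on localhost:3128,
# and the ports the poster named are the ones forced through it.
PROXY_PORTS = {80, 3128, 8080}
SQUID_ADDR = ("127.0.0.1", 3128)

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF.
# Matching is case-sensitive on purpose: that is what a byte-string match in a
# firewall does, and it is one reason the check is "not foolproof".
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n"
)


@dataclass(frozen=True)
class Flow:
    """A client->server TCP flow as the firewall sees it."""
    dst_ip: str
    dst_port: int
    payload: bytes  # first client bytes after the handshake; empty at SYN time


def looks_like_http(payload: bytes) -> bool:
    """True if the first client bytes form an HTTP/1.x request line."""
    return HTTP_REQUEST_LINE.match(payload) is not None


def decide(flow: Flow) -> str:
    """Apply the thread's policy to one flow.

    - Port 80/3128/8080: redirect to Squid. This decision needs no payload,
      so it can be made on the SYN and the session is never established
      directly with the remote host.
    - Any other port whose first bytes are an HTTP request: drop. The
      session already exists by the time the payload is seen, so redirecting
      to the proxy is no longer possible; dropping is the only option left.
    - Everything else: accept (or, with a default-deny policy, only the
      ports explicitly opened on request).
    """
    if flow.dst_port in PROXY_PORTS:
        return "REDIRECT->%s:%d" % SQUID_ADDR
    if looks_like_http(flow.payload):
        return "DROP"
    return "ACCEPT"


def apply_policy(flows):
    """Return {flow: decision} for a batch of flows (order preserved)."""
    return {f: decide(f) for f in flows}


# Constructed sample flows (not captured traffic): a plain web request, a
# proxy-evasion attempt on a non-standard port, an SSH session, and an HTTPS
# ClientHello, which the payload check cannot classify at all.
SAMPLE_FLOWS = [
    Flow("198.51.100.10", 80, b""),
    Flow("198.51.100.10", 8000, b"GET / HTTP/1.1\r\nHost: evil.example\r\n\r\n"),
    Flow("198.51.100.10", 22, b"SSH-2.0-OpenSSH_7.4\r\n"),
    Flow("198.51.100.10", 443, b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"),
]

if __name__ == "__main__":
    for flow, verdict in apply_policy(SAMPLE_FLOWS).items():
        print(f"{flow.dst_ip}:{flow.dst_port:<5} {verdict}")
```

The last sample flow is the point the thread circles around: a TLS session to a forward proxy on 443 carries no HTTP request line the firewall can see, so payload inspection passes it, and only a default-deny outbound policy (open ports on request) or an address blacklist in the firewall itself catches it.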