> >> What is the best way to have full control over HTTP traffic that goes
> >> through a Squid-enabled firewall?
> >
> > Don't allow outside connections from clients, don't use transparent. Force
> > users to configure proxy in browser.

On 13.10.08 01:40, Ali Hardogan wrote:
> I cannot use a non-transparent proxy as I cannot modify every client.

Modify everything you can, block the rest. If there's any problem, you will
see what you need to configure/intercept. Then, intercept the rest.

> I also shall not be filtering any other traffic but HTTP. Having
> intentional or accidental impact on any other traffic is not
> acceptable.

In such a case, you need a content-inspecting firewall that will be able to
disconnect all open connections if there's unwanted traffic on them.

> Under the aforementioned constraints, SSL traffic cannot be inspected
> for URL filtering. I can only block known IP addresses by the
> firewall. That's somewhat acceptable for me.

The intercepting firewall must know what to allow and what not. Squid is
only an HTTP proxy, you need something more to satisfy your needs...

--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!