Search squid archive

Re: Block uncategorized HTTPS traffic

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 9 Mar 2011 12:12:53 -0800, Luis Veana wrote:
Hi

Can SQUID 2.7 block HTTPS uncategorized traffic in any way?
Define "uncategorized" and there is the answer.
Failing to define it clearly is an automatic "no".

I'm trying to block ULTRASURF usage in my callcenter.
These guys are freely browsing now, since one of them brought this file to
my network.
This software is exceptional by the way, there is no installation required,
it requires NO admin priviledges.
And it auto-configures the system to become a proxy using the 127.0.0.1:9666
address pushing the traffic through a SSL 443 conecction.
At least this is what I could see until now.

Any suggestions?
I think you will find it uses various methods including random 
connection ports to ensure it "always" works.
In a callcenter you have known software with know ports etc which are 
needed. Firewalls can be set to restrict or block other access.
For the stuff relayed through Squid-2 you need a whitelist of 
destinations which are acceptible or a pattern of destinations which are 
not. It comes done to defining uncategorized and discovering how 
ULTRASURF passes requests through Squid. Its been a while since I faced 
it, IIRC it operated like TOR.
On the non-technical side, network blocks do not work without company 
policy and support. You have contracts outlining (in)appropriate 
behaviour in the workplace which covers network usage, right? if not 
*you* are in the wrong for blocking them against their contract 
agreement, that needs fixing. If you do, enforce it, firings are in 
order.
The (somewhat unusual) path I follow with my sub-contractors is to 
charge for non-work related network usage of business resources. Just 
like any other ISP at slightly less than our market rates, deducting 
time wasted from paid hours on top of the charge. They find it fair and 
completely under their own control whether they get paid or not.
Amos



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux