Re: [squid-users] BLock Http Tunnel

From: Gavin Hamill <gdh@dont-contact.us>
Date: Wed, 12 Feb 2003 11:40:04 +0000

On Wednesday 12 February 2003 11:11 am, Tesla 13 wrote:
> If you consider like this, it is better to scan access log for abnormal
> transfer sizes which would indicate tunneling sessions and block the target
> hosts.

Ah yes of course :)

Actually, do the squid logs contain how much time elapsed during the CONNECT?
Maybe it would be more convenient to limit CONNECT sessions to, say, 5
minutes? Adequate for the longest CGI process, but fairly useless for people
trying to use SSH.

> The question was "...block in squid proxy server".

Yes, but I think this question is more related to the UNIX ethos of smaller
programs working together to achieve a greater task.

Microsoft ISA would probably implement this as a 'Tunnel Stealth Mode'
integrated into the main application, but I don't believe it's desirable for
squid to perform this task in itself, hence the suggestion of monitoring the
log files.

Cheers,
Gavin
Received on Wed Feb 12 2003 - 04:40:10 MST
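The log-monitoring approach discussed in this thread, as an added example that is not part of the original message: Squid's native access.log records elapsed time in milliseconds (second field) and bytes delivered (fifth field) for each request, so CONNECT sessions can be flagged on duration and size. The 5 MB size threshold and the sample log lines are assumptions constructed for illustration.

```python
# Added example: flag CONNECT tunnels in Squid's native access.log format.
# Fields: time elapsed_ms client code/status bytes method URL ident hier/peer type
from collections import defaultdict

MAX_SECONDS = 300            # the 5-minute figure suggested in the thread
MAX_BYTES = 5 * 1024 * 1024  # assumed size threshold, tune for your site

# Constructed sample lines (not from a real log).
SAMPLE_LOG = """\
1045049000.123    850 10.0.0.5 TCP_MISS/200 4312 CONNECT shop.example.com:443 - DIRECT/192.0.2.10 -
1045049100.456 3605120 10.0.0.7 TCP_MISS/200 18233411 CONNECT host.example.net:443 - DIRECT/192.0.2.77 -
1045049200.789    120 10.0.0.5 TCP_MISS/200 10240 GET http://www.example.org/ - DIRECT/192.0.2.20 text/html
1045049300.000 912000 10.0.0.9 TCP_MISS/200 20480 CONNECT host.example.net:443 - DIRECT/192.0.2.77 -
garbage line
"""

def parse_connects(lines):
    """Yield (client, target, seconds, bytes) for each well-formed CONNECT entry."""
    for line in lines:
        f = line.split()
        if len(f) < 7 or f[5] != "CONNECT":
            continue
        try:
            elapsed_ms, size = int(f[1]), int(f[4])
        except ValueError:
            continue  # skip truncated or corrupted entries
        yield f[2], f[6], elapsed_ms / 1000.0, size

def suspicious_targets(lines, max_seconds=MAX_SECONDS, max_bytes=MAX_BYTES):
    """Map target host:port -> list of (client, seconds, bytes, reasons)."""
    hits = defaultdict(list)
    for client, target, secs, size in parse_connects(lines):
        reasons = []
        if secs > max_seconds:
            reasons.append("long")
        if size > max_bytes:
            reasons.append("large")
        if reasons:
            hits[target].append((client, secs, size, reasons))
    return dict(hits)

if __name__ == "__main__":
    for target, sessions in suspicious_targets(SAMPLE_LOG.splitlines()).items():
        for client, secs, size, reasons in sessions:
            print(f"{target} client={client} {secs:.0f}s {size}B {'+'.join(reasons)}")
```

Squid writes the CONNECT entry when the tunnel closes, so this reports sessions after the fact; the flagged targets can then feed a deny list.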
