On Wednesday 12 February 2003 11:11 am, Tesla 13 wrote:
> If you consider like this, it is better to scan access log for abnormal
> transfer sizes which would indicate tunneling sessions and block the target
> hosts.

Ah yes of course :)

Actually, do the squid logs contain how much time elapsed during the CONNECT?
Maybe it would be more convenient to limit CONNECT sessions to, say, 5
minutes? Adequate for the longest CGI process, but fairly useless for people
trying to use SSH.

> The question was "...block in squid proxy server".

Yes, but I think this question is more related to the UNIX ethos of smaller
programs working together to achieve a greater task.

Microsoft ISA would probably implement this as a 'Tunnel Stealth Mode'
integrated into the main application, but I don't believe it's desirable for
squid to perform this task in itself, hence the suggestion of monitoring the
log files.

Cheers,
Gavin
Received on Wed Feb 12 2003 - 04:40:10 MST
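
The log scan discussed in the message above, as an added example that is not part of the original post: it reads Squid's native access.log format (second field is elapsed milliseconds, fifth is bytes sent to the client) and flags CONNECT sessions that ran longer than the 5 minutes mentioned or moved more than a byte limit. The function names, the byte threshold and the sample log lines are assumptions constructed for illustration.

```python
from collections import defaultdict

MAX_ELAPSED_MS = 5 * 60 * 1000   # the 5-minute figure from the message
MAX_BYTES = 5_000_000            # assumed threshold; tune for your site

# Constructed sample lines in Squid's native access.log format:
# time elapsed_ms client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1045048270.123    842 10.0.0.15 TCP_MISS/200 5120 CONNECT shop.example.com:443 - DIRECT/192.0.2.10 -
1045048300.456 3605120 10.0.0.22 TCP_MISS/200 48211900 CONNECT host.example.net:443 - DIRECT/192.0.2.77 -
1045048310.789    120 10.0.0.15 TCP_MISS/200 10240 GET http://www.example.org/ - DIRECT/192.0.2.20 text/html
1045048400.000 412000 10.0.0.31 TCP_MISS/200 90211 CONNECT host.example.net:443 - DIRECT/192.0.2.77 -
garbage line
"""

def parse_connect(line):
    """Return (client, target, elapsed_ms, nbytes) for a CONNECT entry, else None."""
    f = line.split()
    if len(f) < 7 or f[5] != "CONNECT":
        return None
    try:
        return f[2], f[6], int(f[1]), int(f[4])
    except ValueError:          # malformed numeric field: skip the line
        return None

def suspicious_targets(lines, max_ms=MAX_ELAPSED_MS, max_bytes=MAX_BYTES):
    """Map each CONNECT target (host:port) to the sessions exceeding either limit."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_connect(line)
        if rec is None:
            continue
        client, target, elapsed, nbytes = rec
        reasons = []
        if elapsed > max_ms:
            reasons.append("long")
        if nbytes > max_bytes:
            reasons.append("large")
        if reasons:
            hits[target].append((client, elapsed, nbytes, reasons))
    return dict(hits)

if __name__ == "__main__":
    for target, sessions in suspicious_targets(SAMPLE_LOG.splitlines()).items():
        for client, elapsed, nbytes, reasons in sessions:
            print(f"{target} {client} {elapsed / 1000:.0f}s {nbytes}B {'+'.join(reasons)}")
```

Squid writes the CONNECT entry when the tunnel closes, so the elapsed field covers the whole session and the scan only sees a tunnel after it has ended.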