Re: [squid-users] Massive problems with https connections to Domino Server (long)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 11 Feb 2004 22:39:22 +0100 (CET)

On Wed, 11 Feb 2004 vda@port.imtp.ilyichevsk.odessa.ua wrote:

> What can you do against someone plugging into your intranet
> a preconfigured laptop which will NOT ask novell about anything
> before going direct?

Inverse firewalling, making sure direct connections to the Internet are not
allowed.

> > - authentication does not work with transparent proxy, we are currently
> > not using it, but will in the future
>
> Wow. I'm not familiar with this stuff...

To use proxy authentication you must be using a client configured to use
the proxy.

Proxy authentication gives much stronger audit trails than any firewall
logs, as the proxy logs will contain detailed information about who in
person went where when, not just a mix of ipaddresses and ports.

Btw, the logging capabilities of iptables truly suck in comparison
with a Squid proxy. Basically non-existent.

Regards
Henrik
Received on Wed Feb 11 2004 - 14:39:41 MST
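
The audit-trail point above, as an added example that is not part of the original message: a small parser for Squid's native access.log format that attributes each request to the authenticated user. The log lines, hostnames, addresses and usernames are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1076535562.123    845 10.0.0.21 TCP_MISS/200 5120 CONNECT domino.example.com:443 alice DIRECT/192.0.2.10 -
1076535570.456    120 10.0.0.21 TCP_MISS/200 2048 GET http://www.example.org/ bob DIRECT/192.0.2.20 text/html
1076535581.789     15 10.0.0.35 TCP_DENIED/407 1710 CONNECT domino.example.com:443 - NONE/- text/html
"""

def parse_line(line):
    """Split one native-format line into a dict; return None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    code, _, status = f[3].partition("/")
    try:
        when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
        status = int(status)
    except ValueError:
        return None
    return {
        "when": when, "client": f[2], "result": code, "status": status,
        "method": f[5], "url": f[6],
        # "-" in the user field means the request carried no proxy credentials
        "user": None if f[7] == "-" else f[7],
    }

def audit(log_text):
    """Group requests by authenticated user; keep unauthenticated ones apart."""
    by_user, anonymous = defaultdict(list), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        (by_user[rec["user"]] if rec["user"] else anonymous).append(rec)
    return dict(by_user), anonymous

if __name__ == "__main__":
    users, anon = audit(SAMPLE_LOG)
    for user, recs in sorted(users.items()):
        for r in recs:
            print(f"{r['when']:%Y-%m-%d %H:%M:%S} {user:<6} {r['client']} {r['method']} {r['url']}")
    for r in anon:
        print(f"no user: {r['client']} {r['result']}/{r['status']} {r['url']}")
```

In the sample, two different users share the client address 10.0.0.21, which an IP-and-port firewall log could not tell apart.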
