On Wed, 28 Apr 2004, Tolga YAMAN wrote:
> some of my users using socks2http for http tunneling, they can pass my
> squids acls by this way, so they can download blocked files, and connect to
> p2p apps. i want to block and/or log their http tunnel like activities.
You should be able to identify these by abnormal traffic in the access
log. Then block access to the destination servers (SOCKS gateways) used.
"log_mime_hdrs on" may also provide valuable information on how to
identify these abusers.
Regards
Henrik
Received on Wed Apr 28 2004 - 02:01:49 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:03 MDT