Re: [squid-users] ssl port 443

From: Matus UHLAR - fantomas <uhlar@dont-contact.us>
Date: Thu, 13 Apr 2006 09:47:25 +0200

> > On 12 Apr 2006, at 06:49 , Dwayne Hottinger wrote:
> > > I would like to have all internet requests go through my proxy server.
> > > My firewall now redirects all port 80 requests to my proxy server, I
> > > would like to have port 443 requests go there also, because my
> > > filtering software resides on the proxy server, and to get around the
> > > filter, all one has to do is use https: and they are no longer subject
> > > to the rules. I read through the FAQ on https: and it doesn't look
> > > like this is what I want.

> Quoting Merton Campbell Crockett <m.c.crockett@adelphia.net>:
> > This is not going to work. The only time that anything will be
> > visible is during the initial establishment of the SSL connection
> > between the client (browser) and the server. After the SSL
> > connection is established, the HTTP request from the client and the
> > HTTP response from the server are encrypted. You won't be able to
> > apply your filtering rules.

On 12.04.06 10:40, Dwayne Hottinger wrote:
> That is what I was thinking. Does anyone know of another way to handle this?

To handle what? To handle the fact that the principle of secure (SSL)
connections is that nobody can see/filter/modify their content, and all
attempts to do so would be quickly detected on the client side?

Disallow people using https, or probably allow only a small number of sites
(at IP - firewall level) you know your users need.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
Received on Thu Apr 13 2006 - 01:47:29 MDT
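
The allow-list advice above can also be applied inside Squid rather than at the firewall. The following is an added example, not part of the original thread: it assumes browsers are explicitly configured to use the proxy (so HTTPS arrives as a CONNECT request naming the destination host and port) and that the firewall blocks direct outbound port 443. The client network and domain names are constructed placeholders.

```conf
# squid.conf fragment (added example; network and domains are placeholders).
# Squid cannot see inside the encrypted tunnel, only the host:port
# given in the CONNECT request, so filtering is per destination site.

acl SSL_ports port 443
acl CONNECT method CONNECT

# Assumed internal client network
acl our_clients src 192.168.0.0/16

# Hypothetical list of HTTPS sites the users need
acl allowed_https dstdomain .bank.example .payroll.example

# Refuse tunnels to any port other than 443
http_access deny CONNECT !SSL_ports

# Permit tunnels from internal clients to allow-listed sites only
http_access allow CONNECT our_clients allowed_https

# Refuse every other tunnel request
http_access deny CONNECT

# Existing http_access rules for plain HTTP follow below
```

The order matters: Squid applies the first matching `http_access` line, so these rules must come before any broader `allow` rule for the client network.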