Re: [squid-users] p2p and squid

From: Marcus Kool <marcus.kool@dont-contact.us>
Date: Wed, 23 Jan 2008 10:34:28 -0200

Yes, indeed Squid *does* support P2P using HTTPS tunneling.
You may use the free ufdbGuard Squid redirector to block
HTTPS tunneling.
ufdbGuard can also block HTTPS sites which have no valid certificate
and sites which have no FQDN in the URL.

Marcus

Leonardo Rodrigues Magalhães wrote:
>
> Yeah .... squid supports only HTTP but also supports connection
> tunneling with CONNECT method.
>
> My experiences showed that almost all 'P2P-through-squid' uses
> CONNECT and connects to IP addresses instead of hostnames. My
> experiences showed that CONNECTs to IP addresses almost do NOT happen in
> real life. Real life CONNECTs use hostnames.
>
> I have filtered, in some sites, CONNECT with IP addresses and
> successfully dropped P2P through squid as well as Skype connections.
>
> You should notice, however, that usually NATting of TCP/443 port
> (usually HTTPS) is allowed and some P2P as well as Skype can work using
> that door. So, maybe you will need to block NAT of tcp/443 port and
> require that every browser is configured for proxy for a complete
> blocking of P2P stuff.
>
>
> Adrian Chadd wrote:
>> Squid doesn't support p2p protocols that aren't HTTP. :)
>>
>> On Wed, Jan 23, 2008, Frank Bonnet wrote:
>>
>>> Hello
>>>
>>> Is there a way to use squid proxying with P2P clients ?
>>> if yes is it possible to avoid it or do I have to filter
>>> with my firewall ?
>>>
>>> infos links tricks welcome
>>>
>>>
>
Received on Wed Jan 23 2008 - 05:36:01 MST
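
An added example, not part of the original thread: before denying CONNECT to IP addresses as described above, an administrator can measure how often such requests occur in their own logs. The script below assumes Squid's native access.log format; the sample lines, client addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample lines in Squid's native access.log format (assumption)
SAMPLE_LOG = """\
1201091668.101    512 10.0.0.21 TCP_MISS/200 4312 CONNECT mail.example.com:443 - DIRECT/192.0.2.10 -
1201091669.240  60231 10.0.0.37 TCP_MISS/200 98211 CONNECT 198.51.100.77:443 - DIRECT/198.51.100.77 -
1201091670.002     88 10.0.0.21 TCP_MISS/200 1720 GET http://www.example.org/ - DIRECT/192.0.2.20 text/html
1201091671.555  45010 10.0.0.37 TCP_MISS/200 120034 CONNECT 203.0.113.5:33033 - DIRECT/203.0.113.5 -
1201091672.900  30122 10.0.0.52 TCP_MISS/200 55310 CONNECT [2001:db8::1]:443 - DIRECT/2001:db8::1 -
1201091673.100      3 10.0.0.37 TCP_DENIED/403 1402 CONNECT 198.51.100.77:443 - NONE/- text/html
"""

def connect_target(line):
    """Return (client, host, port) for a CONNECT log line, else None."""
    fields = line.split()
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    # CONNECT URLs are host:port; IPv6 literals are bracketed, so split on the last colon
    host, sep, port = fields[6].rpartition(":")
    if not sep or not port.isdigit():
        return None
    return fields[2], host.strip("[]"), int(port)

def is_ip_literal(host):
    """True when the CONNECT target is an IPv4 or IPv6 address rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(log_text):
    """Count CONNECTs per client, split into hostname and IP-literal targets."""
    by_name, by_ip = Counter(), Counter()
    for line in log_text.splitlines():
        target = connect_target(line)
        if target is None:
            continue
        client, host, _port = target
        (by_ip if is_ip_literal(host) else by_name)[client] += 1
    return by_name, by_ip

if __name__ == "__main__":
    names, ips = audit(SAMPLE_LOG)
    for client in sorted(set(names) | set(ips)):
        print(f"{client}: {names[client]} hostname CONNECTs, {ips[client]} IP-literal CONNECTs")
```

Clients whose CONNECTs go almost exclusively to IP literals are the ones an IP-based deny rule would affect, so reviewing them first shows whether the rule would break legitimate traffic.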
