Mar Matthias Darin wrote:
> Hello,
> Frank Bonnet writes:
>> OK thanks a lot for your "lights" , I think the easyiest way
>> for me would be protocol filtering done by the firewall ...
>
> This is also the most secure. I personally do not let squid handle the
> CONNECT. IMHO, this is too easy to be abused. I use a pac file that
> forces CONNECT to be direct access only.
Hmmm. can't say that I agree with this.
Of course one needs a proper firewall configured to block most ports but
Squid allows you to configure "CONNECT to port 443 only".
And with "going direct" one has no control, no log file for examination,
and no Squid features like bandwidth management or blocking with ufdbGuard.
> ---
> Logger: Taking control of system logs.
> http://freshmeat.net/projects/slogger/
>
>
Received on Wed Jan 23 2008 - 14:58:35 MST
This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:05 MST