Re: [squid-users] HTTPS proxy

From: Matus UHLAR - fantomas <uhlar@dont-contact.us>
Date: Tue, 26 Feb 2008 08:55:37 +0100

> >On 17.02.08 18:10, Sam Przyswa wrote:
> >>We use Squid and SquidGuard to control webmails access, that work fine,
> >>but for those who use HTTPS protocole Squid/SquidGuard doesn't operate.
> >>Is it a way to control HTTPS as well HTTP trafic ?

> Matus UHLAR - fantomas wrote:
> >no. the HTTPS traffic consists of CONNECT requests where the procy has no
> >idea what URLs are being retrieved and what requests (GET/POST/...) pass
> >through it - that is the 's'="secure" in the https.

On 19.02.08 15:38, Marcus Kool wrote:
> False. If https traffic goes via Squid, the URL can go to a redirector and
> filter based on either
> a) domain name
> b) connect to the site and verify valid certificate

That means that HTTPS traffic can be controlled in very limited way.

So my answer "no" on question "Is it a way to control HTTPS as well HTTP
trafic ?" is imho correct :-)

However, specifying more informations can of course help...

> ufdbGuard does this and successfully blocks SSH tunnels over HTTPS.
> Everybody should use ufdbGuard and have one security threat less. It is
> free!

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe. 
Received on Tue Feb 26 2008 - 00:55:41 MST

This archive was generated by hypermail pre-2.1.9 : Sat Mar 01 2008 - 12:00:05 MST