Re: [squid-users] Bloking HTTP Tunnels

From: I.smail ÖZATAY <ismail_at_ismailozatay.net>
Date: Wed, 12 Nov 2008 08:19:25 +0200

Luis Daniel Lucio Quiroz yazm?s,:
> Hi Squids
>
> We found that if we block by MIME type HT-* MIMEs headers we can block
> HTTPProxy tunnel (the one that use html tags).
>
> We have found httport (for windows) but still dont know how to block. Has
> anyone blocked it by other technique than ip blocking?
>
> Regards,
>
> LD
>
>
>
Yes . Normally every https site we connect must have a real domain not
(ip address) if we want to believe it is secure site. If a client tries
to connect an ip over ssl i guess that it's an unsecure site , if it has
a domain i guess that it's secure. Most of the https tunnels use
https/ip for tunnelling so if we drop ips only over https we can drop
https tunnels. I use this method. Here is the squid config ;

acl CONNECT method CONNECT acl ultra_block url_regex
^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ http_access deny CONNECT ultra_block all

Sorry for my english :)

Regards,

ismail
Received on Wed Nov 12 2008 - 06:19:39 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 12 2008 - 12:00:03 MST