Making something like this would render browsing useless for cache users.
Port restrictions has no definitive effect here. For as long as there is any
allowed port for CONNECT, they can tunnel through that port.
Tesla
>From: "Federico Lombardo" <egopfe@hotmail.com>
>To: Adaíl Oliveira <adail@estg.ipleiria.pt>,<squid-users@squid-cache.org>
>Subject: Re: [squid-users] BLock Http Tunnel
>Date: Wed, 12 Feb 2003 11:46:11 +0100
>
>make an ACL blocking CONNECT method :-)
>
>(note that some services just list https, use this method)
>
>btw, squid base ACLs are quite already secured because squid specify that
>connect method is avaialbe only on specific ports, see it into squid.conf
>file
>
>
>Regards,
>
>
>Federico
>
>
>
>----- Original Message -----
>From: "Adaíl Oliveira" <adail@estg.ipleiria.pt>
>To: <squid-users@squid-cache.org>
>Sent: Wednesday, February 12, 2003 11:11 AM
>Subject: [squid-users] BLock Http Tunnel
>
>
>There is anyway to block httptunnel in a squid proxy server?
>
>
>Thanks.
>
>
>Adaíl Oliveira
_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*.
http://join.msn.com/?page=features/featuredemail
Received on Wed Feb 12 2003 - 04:06:07 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:20 MST