Re: [squid-users] controlling https tunnels

From: Laurian Gridinoc <laurian@dont-contact.us>
Date: Wed, 4 Aug 2004 06:25:32 +0000

On Wed, 4 Aug 2004 07:46:13 +0200, Elsen Marc <elsen@imec.be> wrote:
> > How can I control the use of HTTP CONNECT such that it will be allowed
> > just for SSL traffic?
> The default squid.conf and any setups derived from it use
> the 'SSL_Ports' acl to only allow CONNECT requests to port 443 through SQUID.

But this does not say that on the remote 443 port it's an HTTP server...

> > Is it possible to call an external script on HTTP CONNECT? I intend to
> > verify if the remote destination is indeed an HTTP/SSL server and it
> > has a valid certificate.
> Most humble, but in effect the browsers do the same when being 'CONNECTED'
> through an SSL site and should normally issue a warning if a certificate
> is not valid (e.g.)

But the user may just click accept on a security warning; also, I want
to eliminate applications that try to use HTTP CONNECT in order to
tunnel other protocols than HTTP, such as instant messengers or p2p
programs.

-- 
Laurian Gridinoc
Chief Developer
GRAPEFRUIT DESIGN
www.gd.ro
Received on Wed Aug 04 2004 - 00:25:33 MDT
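
One way to build the external check asked about in this thread, as an added example that is not part of the original messages: a helper for Squid's `external_acl_type` interface that answers OK only when the CONNECT destination completes a certificate-validated TLS handshake. The helper path, the ACL names and the `ttl` value in the docstring are assumptions.

```python
#!/usr/bin/env python3
"""Squid external ACL helper: answer OK only if host:port completes a
certificate-validated TLS handshake. Assumed squid.conf wiring (the helper
path and ACL names are hypothetical):

  external_acl_type tls_check ttl=300 %DST %PORT /usr/local/bin/tls_check.py
  acl valid_tls external tls_check
  http_access deny CONNECT !valid_tls
"""
import socket
import ssl
import sys


def tls_probe(host, port, timeout=5.0):
    """Return True if host:port speaks TLS and presents a certificate that
    chains to the system trust store and matches the host name."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (OSError, ValueError):
        # ssl.SSLError, timeouts and DNS failures are OSError subclasses;
        # a non-TLS service fails the handshake or times out here.
        return False


def decide(line, probe=tls_probe):
    """Map one helper request line ("<dst> <port>") to Squid's OK/ERR reply.
    Anything malformed is denied (fail closed)."""
    fields = line.split()
    if len(fields) != 2 or not fields[1].isdecimal():
        return "ERR"
    host, port = fields[0], int(fields[1])
    if not 0 < port < 65536:
        return "ERR"
    return "OK" if probe(host, port) else "ERR"


def main():
    # Squid writes one request per line and waits for one reply per line.
    for line in sys.stdin:
        sys.stdout.write(decide(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```

A passing probe shows that the destination speaks TLS with a valid certificate; it does not show that the traffic later sent through the tunnel is HTTP.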

This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:01 MDT