> It's no less secure than CONNECT tunneling, and from Squid's standpoint it
> may be more secure - fewer ports on which CONNECT is allowed.
This is the only solution in this case I think, since Squid only
understands HTTP and not the various IM protocols.
The only downside to it is that since DNS is never taken in the equation
(except maybe at the time the chains are built) it is slightly more
expensive to maintain than - say a CONNECT + dstdomain + port ACL.
Kinkie
Received on Tue Jan 04 2005 - 14:51:05 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST