Hi Emilio,
Many thanks for your reply.
When you say careful regards to security, do you mean that anyone who
knows the IP of a host will get through our content filter? We have
mainly set our squid up like this to stop people using Proxy
Tunneling software....
Jon
On 6 Jun 2006, at 09:27, Emilio Casbas wrote:
> Jon Joyce wrote:
>> Hi all,
>>
>> We currently have a Squid box set up to only allow secure https
>> traffic through a manually updated whitelist. So now, all clients
>> must provide the name and 443 port of our Proxy server before they
>> can access secure sites (i.e. Internet Banking, Hotmail etc.)
>>
>> We now have the problem that Skype wants to use the outgoing
>> secure 443 port which is not allowed through our Proxy...
>>
>> Is there any way around this??
>
> Skype will attempt to tunnel the traffic over port 443 using the
> SSL protocol, as you said.
> In order to permit access to Skype through Squid, you would have to
> know the "random" destination IPs that Skype uses with the CONNECT
> method.
>
> One possibility could be to try permitting numeric IPs with the
> CONNECT method, but be careful with regard to security.
>
> # url_regex: a CONNECT request has no URL path, only host:port
> acl N_IPS url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
> acl connect method CONNECT
>
> http_access allow connect N_IPS all
>
> Thanks
> Emilio C.
>
>>
>> Anyone's help is much appreciated
>>
>> Jon
>>
>>
>
>
>
Received on Wed Jun 07 2006 - 02:05:58 MDT
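
An added example, not part of the original thread: once CONNECT to numeric IPs is permitted as discussed above, those requests are no longer constrained by the hostname whitelist, so they are worth auditing. The Python below scans Squid's native access.log format for allowed CONNECT requests to bare IP addresses; the log lines are constructed sample data and the function names are illustrative.

```python
import ipaddress

# Constructed sample lines in Squid's native access.log format (not from the thread).
SAMPLE_LOG = """\
1149667558.101    542 192.168.1.10 TCP_MISS/200 3421 CONNECT bank.example.com:443 - DIRECT/198.51.100.7 -
1149667559.220  61034 192.168.1.23 TCP_MISS/200 88112 CONNECT 203.0.113.5:443 - DIRECT/203.0.113.5 -
1149667560.034     12 192.168.1.23 TCP_DENIED/403 1412 CONNECT tunnel.example.net:443 - NONE/- text/html
1149667561.877  30211 192.168.1.40 TCP_MISS/200 5120 CONNECT 203.0.113.9:8443 - DIRECT/203.0.113.9 -
1149667562.450    230 192.168.1.10 TCP_MISS/200 9000 GET http://www.example.org/ - DIRECT/198.51.100.9 text/html
""".splitlines()

def split_target(target):
    """Split a CONNECT target 'host:port' (or '[v6]:port') into (host, port)."""
    host, _, port = target.rpartition(":")
    return host.strip("[]"), int(port)

def is_ip_literal(host):
    """True when the host is an IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_connects(lines):
    """Return allowed CONNECT requests whose destination is a bare IP address."""
    hits = []
    for line in lines:
        f = line.split()
        # Native format: time elapsed client action/code bytes method URL ...
        if len(f) < 7 or f[5] != "CONNECT":
            continue
        client, status, target = f[2], f[3], f[6]
        if status.startswith("TCP_DENIED"):
            continue  # the proxy already refused this request
        try:
            host, port = split_target(target)
        except ValueError:
            continue  # malformed target, skip the line
        if is_ip_literal(host):
            hits.append({"client": client, "host": host, "port": port,
                         "bytes": int(f[4]), "non_443": port != 443})
    return hits

if __name__ == "__main__":
    for hit in audit_connects(SAMPLE_LOG):
        print(hit)
```

The `non_443` flag marks tunnels to ports other than 443, which the ACL quoted in the thread does not restrict.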