Re: [squid-users] Allowing/Unblocking Skype with Squid

From: Emilio Casbas <ecasbas@dont-contact.us>
Date: Wed, 07 Jun 2006 11:13:19 +0200

Jon Joyce wrote:
> Hi Emilio,
>
> Many thanks for your reply.
>
> When you say careful regards to security, do you mean that anyone who
> knows the IP of a host will get through our content filter?
Yes, if you have modified the CONNECT tags in the default squid.conf.

The most serious companies having a web presence (such as Internet
Banking, E-commerce, login applications from trusted sites...) will
have registered domains referenced by their FQDN URLs. So you can't
trust in "all" IP connections through the method CONNECT.

Thanks
Emilio C.

> We have mainly set our squid up like this to stop people using Proxy
> Tunneling software....
>
> Jon
>
> On 6 Jun 2006, at 09:27, Emilio Casbas wrote:
>
>> Jon Joyce wrote:
>>> Hi all,
>>>
>>> We currently have a Squid box set up to only allow secure https
>>> traffic through a manually updated whitelist. So now, all clients
>>> must provide the name and 443 port of our Proxy server before they
>>> can access secure sites (i.e. Internet Banking, Hotmail etc.)
>>>
>>> We now have the problem that Skype wants to use the outgoing secure
>>> 443 port which is not allowed through our Proxy...
>>>
>>> Is there any way around this??
>>
>> Skype will attempt to tunnel the traffic over port 443 using the SSL
>> protocol, as you said.
>> In order to permit access to Skype through Squid, you would have to
>> know the "random" destination
>> IPs that Skype uses with the CONNECT method.
>>
>> One possibility is to try permitting numeric IPs with the
>> CONNECT method, but be careful with regard to security.
>>
>> acl N_IPS urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
>> acl connect method CONNECT
>>
>> http_access allow connect N_IPS all
>>
>> Thanks
>> Emilio C.
>>
>>>
>>> Anyone's help is much appreciated
>>>
>>> Jon
>>>
>>>
Received on Wed Jun 07 2006 - 03:13:25 MDT
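
Added example, not part of the original thread: a small audit of Squid's access.log that lists every CONNECT request whose destination is a bare IP address rather than an FQDN, grouped by client, so the exposure created by a numeric-IP CONNECT rule can be measured. It assumes Squid's default native log format; the sample lines and the function name `numeric_connects` are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1149671599.101   5230 192.168.1.20 TCP_MISS/200 4312 CONNECT 203.0.113.45:443 - DIRECT/203.0.113.45 -
1149671600.412    812 192.168.1.21 TCP_MISS/200 9120 CONNECT bank.example.com:443 - DIRECT/198.51.100.7 -
1149671601.007  60211 192.168.1.20 TCP_MISS/200 88211 CONNECT 198.51.100.99:443 - DIRECT/198.51.100.99 -
1149671602.530     12 192.168.1.22 TCP_DENIED/403 1450 CONNECT 203.0.113.80:22 - NONE/- text/html
1149671603.900    140 192.168.1.21 TCP_MISS/200 2301 GET http://www.example.com/ - DIRECT/198.51.100.8 text/html
"""


def numeric_connects(log_text):
    """Return {client: [(dest_ip, port, allowed), ...]} for CONNECTs to IP literals."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        # Native format: time elapsed client code/status bytes method URL ...
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue
        client, result, target = fields[2], fields[3], fields[6]
        host, _, port = target.rpartition(":")
        if not port.isdigit():
            continue  # malformed CONNECT target
        try:
            ipaddress.ip_address(host.strip("[]"))  # brackets wrap IPv6 literals
        except ValueError:
            continue  # hostname destination: subject to the FQDN whitelist
        allowed = not result.startswith("TCP_DENIED")
        hits[client].append((host, int(port), allowed))
    return dict(hits)


if __name__ == "__main__":
    for client, conns in sorted(numeric_connects(SAMPLE_LOG).items()):
        for dest, port, allowed in conns:
            state = "ALLOWED" if allowed else "denied"
            print(f"{client} -> {dest}:{port} {state}")
```

Clients that show many allowed tunnels to bare IPs and are not known Skype users are the ones to review against the content-filter policy.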
