On Tue, 2007-06-19 at 16:13 -0500, K K wrote:
> ICAP doesn't support MITM "CONNECT" tunnel handling, though some ICAP
> clients will forward the connect "URL" to an ICAP service to be
> approved or denied, the ICAP standard doesn't allow for looking inside
> the SSL/TLS conversation.
I do not think ICAP, as a protocol, prohibits CONNECT or any other HTTP
request method handling. An ICAP server can be written to inspect,
block, and even adapt CONNECT headers and data streams.

Whether a given proxy and a given ICAP server implementation can do
something intelligent about CONNECT tunnels is a separate question. If
there is enough demand, I am sure Squid will support ICAP-based
inspection and selective blocking of CONNECT traffic.

Alex.
Received on Thu Jun 21 2007 - 09:12:26 MDT
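
An added illustration, not part of either message and not code from Squid or any ICAP server: a Python sketch of the case the thread mentions, where an ICAP client forwards the CONNECT request head in an RFC 3507 REQMOD message and the service approves or denies it. The host names, service URI, ISTag value and the port-443-only policy are constructed assumptions; only the CONNECT head is vetted here, not the tunneled bytes.

```python
# Added example: an ICAP (RFC 3507) service vetting an HTTP CONNECT via REQMOD.
# Host names, service URI, ISTag value and the port policy are constructed.
ALLOWED_PORTS = {443}  # assumed policy: tunnels only to the standard HTTPS port
ISTAG = b'ISTag: "demo-1"\r\n'

# Constructed sample: the CONNECT request head wrapped in an ICAP REQMOD message.
HTTP_REQ = (b"CONNECT mail.example.com:993 HTTP/1.1\r\n"
            b"Host: mail.example.com:993\r\n\r\n")
SAMPLE = (b"REQMOD icap://icap.example.net/reqmod ICAP/1.0\r\n"
          b"Host: icap.example.net\r\n"
          b"Allow: 204\r\n"
          b"Encapsulated: req-hdr=0, null-body=%d\r\n\r\n" % len(HTTP_REQ)) + HTTP_REQ


def parse_reqmod(raw):
    """Return (ICAP headers, embedded HTTP request head) for a REQMOD message."""
    icap_head, _, body = raw.partition(b"\r\n\r\n")
    lines = icap_head.decode("ascii").split("\r\n")
    if not lines[0].startswith("REQMOD "):
        raise ValueError("not a REQMOD request")
    headers = {k.strip().lower(): v.strip()
               for k, v in (line.split(":", 1) for line in lines[1:])}
    # Encapsulated gives the byte offset of each section inside the ICAP body.
    offsets = dict(p.strip().split("=") for p in headers["encapsulated"].split(","))
    end = offsets.get("null-body") or offsets.get("req-body") or len(body)
    return headers, body[int(offsets["req-hdr"]):int(end)].decode("ascii")


def icap_200(section, http_head):
    """Build an ICAP 200 response carrying one encapsulated HTTP header block."""
    enc = b"Encapsulated: %s=0, null-body=%d\r\n\r\n" % (section, len(http_head))
    return b"ICAP/1.0 200 OK\r\n" + ISTAG + enc + http_head


def decide(raw):
    """Answer one REQMOD: deny CONNECT to unapproved ports, else pass unchanged."""
    headers, http_head = parse_reqmod(raw)
    method, target, _ = http_head.split("\r\n", 1)[0].split(" ", 2)
    if method == "CONNECT" and int(target.rsplit(":", 1)[1]) not in ALLOWED_PORTS:
        deny = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
        return icap_200(b"res-hdr", deny)
    if "204" in headers.get("allow", ""):
        return b"ICAP/1.0 204 No Content\r\n" + ISTAG + b"Encapsulated: null-body=0\r\n\r\n"
    return icap_200(b"req-hdr", http_head.encode("ascii"))


if __name__ == "__main__":
    print(decide(SAMPLE).decode("ascii"))
```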