Re: [squid-users] Controlling all HTTP traffic

From: Matus UHLAR - fantomas <uhlar_at_fantomas.sk>
Date: Mon, 13 Oct 2008 14:41:16 +0200

> >> What is the best way to have full control over HTTP traffic that goes
> >> through a Squid-enabled firewall?
> >
> > Don't allow outside connections from clients, don't use transparent. Force
> > users to configure proxy in browser.

On 13.10.08 01:40, Ali Hardogan wrote:
> I cannot use non-transparent proxy as I cannot modify every client.

Modify everything you can, block the rest. If there's any problem, you will
see what you need to configure/intercept.

Then, intercept the rest.

> I also shall not be filtering any other traffic but HTTP. Having
> intentional or accidental impact on any other traffic is not
> acceptable.

In such a case, you need a content-inspecting firewall that will be able to
disconnect all open connections if there's unwanted traffic on them.

> Under the aforementioned constraints, SSL traffic cannot be inspected
> for URL filtering. I can only block known IP addresses by the
> firewall. That's somewhat acceptable for me.

The intercepting firewall must know what to allow and what not.
Squid is only an HTTP proxy, you need something more to satisfy your needs...

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!
Received on Mon Oct 13 2008 - 12:41:25 MDT
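
The two stages advised in the reply above (block direct HTTP to find unconfigured clients, then intercept what remains), sketched as an added example that is not part of the original message. The interface name, the ports 3128/3129 and Squid running on the firewall itself are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for
# either stage. Assumed setup: Squid runs on the firewall, explicit proxy on
# 3128, interception on 3129, clients behind one LAN interface.
# Matching squid.conf lines: "http_port 3128" and "http_port 3129 intercept"
# (the option is spelled "transparent" on Squid releases before 3.1).
# Dry run: gen_rules intercept eth1 | iptables-restore --noflush --test

gen_rules() {
    stage=$1 lan_if=$2 intercept_port=${3:-3129}
    [ -n "$lan_if" ] || { echo "gen_rules: LAN interface required" >&2; return 2; }
    case $stage in
    block)
        # Stage 1: log, then reset, clients that bypass the configured proxy.
        # The log shows which hosts still need configuring or intercepting.
        cat <<EOF
*filter
-A FORWARD -i $lan_if -p tcp --dport 80 -j LOG --log-prefix "direct-http: "
-A FORWARD -i $lan_if -p tcp --dport 80 -j REJECT --reject-with tcp-reset
COMMIT
EOF
        ;;
    intercept)
        # Stage 2: redirect only TCP/80 to Squid; no other traffic is matched.
        # mangle runs before nat, so the DROP hits only clients that connect
        # to the interception port directly, not the redirected flows.
        cat <<EOF
*mangle
-A PREROUTING -i $lan_if -p tcp --dport $intercept_port -j DROP
COMMIT
*nat
-A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $intercept_port
COMMIT
EOF
        ;;
    *)
        echo "usage: gen_rules block|intercept LAN_IF [INTERCEPT_PORT]" >&2
        return 2
        ;;
    esac
}
```

Loading the output with `--noflush` appends these rules and leaves the existing ruleset and chain policies untouched.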
