On Fri, 14 May 2004, Jonathan Soong wrote:

> Hi guys,
>
> Just wondering if anyone has had any experience with blocking
> malware/spyware sites at a squid proxy?

How these things work

1) You can't really proxy SSL. Well you can, but it's called a man in the
middle attack and it's not cool. Proxies therefore let apps that ask for
it do a TCP CONNECT through to the real server. This bypasses any proxy
control.

2) Peer to peer, spyware and IM apps use this to contact the outside world
through your proxy.

3) Squid limits the CONNECT method to port 443. But you can lock things
down further by having a whitelist of sites to which SSL is allowed -
this shouldn't be too hard to make - ask your users and let them know of
your 'Denied' page that they can ask to have sites added. Then spyware,
p2p and IM won't get through your proxy anymore. Woo.

Mike

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
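
The CONNECT whitelist from point 3 above, as an added squid.conf example that is not part of the original post. The ACL name ssl_allowed, the file path /etc/squid/ssl_allowed.txt, the error page name ERR_SSL_NOT_LISTED and the example.com entries are assumptions chosen for illustration.

```conf
# --- Stock behaviour: CONNECT is limited by port only ---------------------
# Any client may tunnel to ANY host as long as the port is 443, so whatever
# speaks through the tunnel is invisible to the proxy.
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

# --- Tightened: CONNECT also limited by destination -----------------------
# ssl_allowed.txt (assumed path) holds one domain per line. A leading dot
# matches the domain itself and all of its subdomains, e.g.:
#     .example.com
#     secure.example.org
acl ssl_allowed dstdomain "/etc/squid/ssl_allowed.txt"

# Refuse tunnels to anything not on the list. http_access is first-match,
# so this line must sit ABOVE the rules that allow your internal clients.
http_access deny CONNECT !ssl_allowed

# Show a custom 'Denied' page for this rule so users know how to request an
# addition. ERR_SSL_NOT_LISTED is a hypothetical template that you create in
# Squid's error page directory. deny_info keys on the last ACL named in the
# deny line above.
deny_info ERR_SSL_NOT_LISTED ssl_allowed
```

Run `squid -k parse` to check the syntax and `squid -k reconfigure` to load the change; denied tunnels then show up in access.log as CONNECT requests with a TCP_DENIED result, which is also where to look when a user asks for a site to be added.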
