On Wed, 28 Apr 2004, Tolga YAMAN wrote: > some of my users using socks2http for http tunneling, they can pass my > squids acls by this way, so they can download blocked files, and connect to > p2p apps. i want to block and/or log their http tunnel like activities.
You should be able to identify these by abnormal traffic in the access log. Then block access to the destination servers (SOCKS gateways) used. "log_mime_hdrs on" may also provide valuable information on how to identify these abusers. Regards Henrik
