On Wed, 4 Aug 2004 07:46:13 +0200, Elsen Marc <[EMAIL PROTECTED]> wrote: > > How can I control the use of HTTP CONNECT such that it will be allowed > > just for SSL traffic? > The default squid.conf and any setups derived for it uses > the 'SSL_Ports' acl to only allow CONNECT requests to port 443 through SQUID.
But this does not say that on the remote 443 port its a HTTP server... > > Is it possible to call an external script on HTTP CONNECT? I intend to > > verify if the remote destination is indeed a HTTP/SSL server and it > > has a valid certificate. > Most humble, but in effect the browsers does the same when being 'CONNECTED' > through a SSL site and should normally issue a warning if a certificate > is not valid (e.g.) But the user may just click accept on a security warning, also I want to eliminate applications that try to use HTTP CONNECT in order to tunnel other protocols than HTTP, such as instant messengers or p2p programs. -- Laurian Gridinoc Chief Developer GRAPEFRUIT DESIGN www.gd.ro
