> > But this does not say that on the remote 443 port its a HTTP server... >
Of course and true. >... > > But the user may just click accept on a security warning, also I want That is the user responsibility and software or enforcement tools won't be able to change the mind-security-state of a person. > to eliminate applications that try to use HTTP CONNECT in order to > tunnel other protocols than HTTP, such as instant messengers or p2p > programs. > As stated 443 is a standard for SSL servers don't think, there will be too many instant messengers e.d. around offering services on that port. As it is also privileged (for instance). So that part of SQUID is a rough initial protections against the CONNECT feature being abused (indeed). M.
