>> yes. However, you would need filter that would detect the used protocol. >> I'm afraid it's currently impossible to push such filter to squid w/o >> patching and recompiling it. >> >> Also, I'm not 100% sure that it's easy to detect ssl negotiation and >> refuse >> connection if it's not used (note that TLS negotiation is in some cases >> requested after initisl handshake) >> >> Last, when SSL is used, you even can't tell what protocol is inside of it. > > thanks, then I will look to lock at least some dynamic IP addresses in order > to > prevent abuse by my users. ;-)
Check out http://l7-filter.sf.net/ , it's got a "anything with SSL" regexp. Jan Engelhardt --
