On Wed, 4 Aug 2004 07:46:13 +0200, Elsen Marc <elsen@imec.be> wrote:
> > How can I control the use of HTTP CONNECT such that it will be allowed
> > just for SSL traffic?
> The default squid.conf and any setups derived for it uses
> the 'SSL_Ports' acl to only allow CONNECT requests to port 443 through SQUID.
But this does not say that on the remote 443 port its a HTTP server...
> > Is it possible to call an external script on HTTP CONNECT? I intend to
> > verify if the remote destination is indeed a HTTP/SSL server and it
> > has a valid certificate.
> Most humble, but in effect the browsers does the same when being 'CONNECTED'
> through a SSL site and should normally issue a warning if a certificate
> is not valid (e.g.)
But the user may just click accept on a security warning, also I want
to eliminate applications that try to use HTTP CONNECT in order to
tunnel other protocols than HTTP, such as instant messengers or p2p
programs.
-- Laurian Gridinoc Chief Developer GRAPEFRUIT DESIGN www.gd.roReceived on Wed Aug 04 2004 - 00:25:33 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:01 MDT