|
Home > Archive > Squid > April 2004 > [squid-users] How can i determine http_tunnel like apps.
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
[squid-users] How can i determine http_tunnel like apps.
|
|
| Tolga YAMAN 2004-04-29, 6:55 pm |
| Hi,
some of my users using socks2http for http tunneling, they can pass my
squids acls by this way, so they can download blocked files, and connect to
p2p apps. i want to block and/or log their http tunnel like activities.
Any advice?
Kind Regards
Tolga
| |
| Elsen Marc 2004-04-29, 6:55 pm |
|
=20
>=20
> Hi,
> some of my users using socks2http for http tunneling, they can pass my
> squids acls by this way, so they can download blocked files,=20
> and connect to
> p2p apps. i want to block and/or log their http tunnel like=20
> activities.
> Any advice?
>=20
=20
Even that 'solution' from your brave users, will have
an initial or more identifyable requests in Squid's access log.
Identify them, and block , once more using ACL mechanisms.
M.
| |
| Henrik Nordstrom 2004-04-29, 6:55 pm |
| On Wed, 28 Apr 2004, Tolga YAMAN wrote:
> some of my users using socks2http for http tunneling, they can pass my
> squids acls by this way, so they can download blocked files, and connect to
> p2p apps. i want to block and/or log their http tunnel like activities.
You should be able to identify these by abnormal traffic in the access
log. Then block access to the destination servers (SOCKS gateways) used.
"log_mime_hdrs on" may also provide valuable information on how to
identify these abusers.
Regards
Henrik
|
|
|
|
|