Security Basics mailing list archives
Proxy - content filter related
From: Vicky Rode <aptgetd () gmail com>
Date: Thu, 30 Jun 2005 11:29:19 -0700
Hi, Looking for some insight regarding dealing with proxy traffic. Is it possible to look at the *outgoing* client-proxy request headers (w/o going through a local proxy server) in order to identify/block proxy related traffic? a. users (user-agent) to non-SSL HTTP proxies b. users (user-agent) to SLL HTTP proxy (encrypted) Since the traffic is being redirected (transparently) via school's content filter appliance (open-source product), does it make sense to enable proxy so that the appliance provides SSL & non-SSL tunneling CONNECT extension method, so that we can identify (via CONNECT) and filter traffic (via keyword). Is it a worthwhile effort? I can't see any other way to address proxy related traffic (google web accelerator as an example) which is currently bypasses our content filter based on egress traffic. Unless I perform deep packet inspection, look for incoming response, which might slow things down since filtering is being done in the software. I'm not sure what I can get out of SSL proxy packets since it creates a secure connection (encrypted session) between client and server but any thoughts will be greatly appreciated. The purpose of this is to inspect/block naughty sites which students access using third party proxies to bypass school's content filter(s). I'm trying to help a public school with this issue and any help will be awesome! Any pointers to any in-depth papers or books which talks about proxies in depth will be excellent. Appreciate your time/help. regards, /vicky
Current thread:
- Proxy - content filter related Vicky Rode (Jul 04)
- Re: Proxy - content filter related Michael Gale (Jul 06)