Firewall Wizards mailing list archives
Proxy - content filter related
From: noc ops <aptgetd () gmail com>
Date: Thu, 30 Jun 2005 10:20:44 -0700
Hi,I'm not sure if my previous e-mail made it the list as I didn't see it. Anyway, here it is again and my apologies for any duplication.
Is it possible to look at the *outgoing* client-proxy request headers (w/o going through a local proxy server) in order to identify/block proxy related traffic?
a. users (user-agent) to non-SSL HTTP proxies b. users (user-agent) to SLL HTTP proxy (encrypted) Since the traffic is being redirected (transparently) via school'scontent filter appliance (open-source product), does it make sense to enable proxy so that the appliance provides SSL & non-SSL tunneling CONNECT extension method, so that we can identify (via CONNECT) and filter traffic (via keyword). Is it a worthwhile effort?
I can't see any other way to address proxy related traffic (google web accelerator as an example) which is currently bypasses our content filter based on egress traffic. Unless I perform deep packet inspection, look for incoming response, which might slow things down since filtering is being done in the software.
I'm not sure what I can get out of SSL proxy packets since it creates a secure connection (encrypted session) between client and server but any thoughts will be greatly appreciated. The purpose of this is to inspect/block naughty sites which studentsaccess using third party proxies to bypass school's content filter(s). I'm trying to help a public school with this issue and any help will be awesome!
Any pointers to any in-depth papers or books which talks about proxies in depth will be excellent. Appreciate your time/help. regards, /vicky _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Proxy - content filter related noc ops (Jul 01)
- RE: Proxy - content filter related Bruce Smith (Jul 05)