Security Basics mailing list archives
Re: Proxy - content filter related
From: Michael Gale <michael.gale () bluesuperman com>
Date: Tue, 05 Jul 2005 19:43:14 -0600
Hello,If a connection is encrypted via the CONNECT method or not you will be only able to filter based on the URL only.
Michael Vicky Rode wrote:
Hi, Looking for some insight regarding dealing with proxy traffic. Is it possible to look at the *outgoing* client-proxy request headers (w/o going through a local proxy server) in order to identify/block proxy related traffic? a. users (user-agent) to non-SSL HTTP proxies b. users (user-agent) to SLL HTTP proxy (encrypted) Since the traffic is being redirected (transparently) via school's content filter appliance (open-source product), does it make sense to enable proxy so that the appliance provides SSL & non-SSL tunneling CONNECT extension method, so that we can identify (via CONNECT) and filter traffic (via keyword). Is it a worthwhile effort? I can't see any other way to address proxy related traffic (google web accelerator as an example) which is currently bypasses our content filter based on egress traffic. Unless I perform deep packet inspection, look for incoming response, which might slow things down since filtering is being done in the software. I'm not sure what I can get out of SSL proxy packets since it creates a secure connection (encrypted session) between client and server but any thoughts will be greatly appreciated. The purpose of this is to inspect/block naughty sites which students access using third party proxies to bypass school's content filter(s). I'm trying to help a public school with this issue and any help will be awesome! Any pointers to any in-depth papers or books which talks about proxies in depth will be excellent. Appreciate your time/help. regards, /vicky
Current thread:
- Proxy - content filter related Vicky Rode (Jul 04)
- Re: Proxy - content filter related Michael Gale (Jul 06)