On Tue, Mar 18, 2008, Jon Lewis wrote: > >The solution, of course, is to hire consultants (SIBR if possible) to port > >everything to port 80 ! > > That's been going on for years. Back when it was common for ISPs to run > squid servers and transparently proxy to them (probably around 2000), I > ran into a customer using some sort of aviation data in real time app > which used port 80 (and wasn't HTTP). I had to special case traffic to > that service's IP to get it not to hit squid. When I asked them why they > were running a non-HTTP protocol on 80/tcp, the answer was "that gets us > through most firewalls."
There's patches to Squid to make it silently transparently proxy stuff that doesn't look like HTTP. (I need to make it knob-able before I commit it, as some people -like- having the "must be HTTP" implication of transparent interception.) Adrian