Yes, indeed Squid *does* support P2P using HTTPS tunneling.
You may use the free ufdbGuard Squid redirector to block
HTTPS tunneling.
ufdbGuard can also block HTTPS sites which have no valid certificate
and sites which have no FQDN in the URL.

Marcus

Leonardo Rodrigues Magalhães wrote:

Yeah... Squid supports only HTTP but also supports connection tunneling with the CONNECT method.

My experience showed that almost all 'P2P-through-Squid' traffic uses CONNECT and connects to IP addresses instead of hostnames. My experience showed that CONNECT to IP addresses almost does NOT happen in real life. Real-life CONNECTs use hostnames.

I have filtered, at some sites, CONNECT with IP addresses and successfully dropped P2P through Squid as well as Skype connections.

You should notice, however, that usually NATting of the TCP/443 port (usually HTTPS) is allowed, and some P2P as well as Skype can work using that door. So, maybe you will need to block NAT of the tcp/443 port and require that every browser be configured to use the proxy for a complete blocking of P2P stuff.


Adrian Chadd wrote:
Squid doesn't support p2p protocols that aren't HTTP. :)

On Wed, Jan 23, 2008, Frank Bonnet wrote:
Hello

Is there a way to use squid proxying with P2P clients ?
if yes is it possible to avoid it or do I have to filter
with my firewall ?

infos links tricks welcome
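
The CONNECT-to-IP-address pattern discussed in this thread, as an added example that is not part of any poster's message: a Python sketch that scans Squid's native access.log format for CONNECT requests whose target is an IP literal rather than a hostname, and counts them per client. The sample log lines, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/code bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1201080001.101    842 192.168.1.20 TCP_MISS/200 5120 CONNECT www.example.com:443 - DIRECT/192.0.2.10 -
1201080002.202  60311 192.168.1.31 TCP_MISS/200 901244 CONNECT 198.51.100.77:443 - DIRECT/198.51.100.77 -
1201080003.303    120 192.168.1.20 TCP_MISS/200 2048 GET http://www.example.org/ - DIRECT/192.0.2.20 text/html
1201080004.404  45002 192.168.1.31 TCP_MISS/200 733001 CONNECT 203.0.113.5:33033 - DIRECT/203.0.113.5 -
1201080005.505    300 192.168.1.44 TCP_MISS/200 4096 CONNECT [2001:db8::1]:443 - DIRECT/2001:db8::1 -
1201080006.606     12 192.168.1.20 TCP_DENIED/403 0 CONNECT broken-line
"""

def connect_target(url):
    """Split a CONNECT target 'host:port' or '[v6]:port' into (host, port)."""
    host, sep, port = url.rpartition(":")
    if not sep or not port.isdigit():
        return None  # malformed target, nothing to classify
    return host.strip("[]"), int(port)

def is_ip_literal(host):
    """True when the host is an IPv4 or IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def find_ip_connects(log_text):
    """Return (client, target_ip, port) for every CONNECT to an IP literal."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue
        target = connect_target(fields[6])
        if target and is_ip_literal(target[0]):
            hits.append((fields[2], target[0], target[1]))
    return hits

def per_client(hits):
    """Count flagged tunnels per client so the busiest hosts surface first."""
    return Counter(client for client, _, _ in hits)

if __name__ == "__main__":
    for client, count in per_client(find_ip_connects(SAMPLE_LOG)).most_common():
        print(client, count)
```

Running this over existing logs before denying such requests shows which clients would be affected by the filter.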

