Mar Matthias Darin wrote:
Hello,
Frank Bonnet writes:
OK thanks a lot for your "lights" , I think the easyiest way
for me would be protocol filtering done by the firewall ...
This is also the most secure. I personally do not let squid handle the
CONNECT. IMHO, this is too easy to be abused. I use a pac file that
forces CONNECT to be direct access only.
Hmmm. can't say that I agree with this.
Of course one needs a proper firewall configured to block most ports but
Squid allows you to configure "CONNECT to port 443 only".
And with "going direct" one has no control, no log file for examination,
and no Squid features like bandwidth management or blocking with ufdbGuard.
---
Logger: Taking control of system logs.
http://freshmeat.net/projects/slogger/
