Proxy - content filter related
From: Vicky Rode (aptgetd_at_gmail.com)
Date: Thu, 30 Jun 2005 11:29:19 -0700 To: firstname.lastname@example.org
Looking for some insight regarding dealing with proxy traffic.
Is it possible to look at the *outgoing* client-proxy request headers
(w/o going through a local proxy server) in order to identify/block
proxy related traffic?
a. users (user-agent) to non-SSL HTTP proxies
b. users (user-agent) to SLL HTTP proxy (encrypted)
Since the traffic is being redirected (transparently) via school's
content filter appliance (open-source product), does it make sense to
enable proxy so that the appliance provides SSL & non-SSL tunneling
CONNECT extension method, so that we can identify (via CONNECT) and
filter traffic (via keyword). Is it a worthwhile effort?
I can't see any other way to address proxy related traffic (google web
accelerator as an example) which is currently bypasses our content
filter based on egress traffic. Unless I perform deep packet inspection,
look for incoming response, which might slow things down since filtering
is being done in the software.
I'm not sure what I can get out of SSL proxy packets since it creates
a secure connection (encrypted session) between client and server but
any thoughts will be greatly appreciated.
The purpose of this is to inspect/block naughty sites which students
access using third party proxies to bypass school's content filter(s).
I'm trying to help a public school with this issue and any help will be
Any pointers to any in-depth papers or books which talks about proxies
in depth will be excellent.
Appreciate your time/help.