[squid-users] Squid + ICQ contest ;)
Amos Jeffries
squid3 at treenet.co.nz
Mon Oct 26 21:14:19 UTC 2015
On 27/10/2015 9:36 a.m., Yuri Voinov wrote:
>
> The problem is: I can't see most part of ICQ traffic. Because of it uses
> non-HTTP/HTTPS/FTP ports. Only with sniffer.
Okay, that should not matter much. That part of the traffic there is
nothing we can do about in Squid.
>
> Looks like this:
>
> 1. Login starts over 5190 port with CONNECT method. And normal squid's
> config blocks it - this is non-SSL port.
Nod.
> 2. If we add this port to SSL_ports acl, connect starts via HTTP over
> HTTPS port. Squid's prohibit it too. If we relax config (and make it
> less secure!), login phase goes next step.
Pause, how does Squid prohibit that _exactly_ ?
Maybe somebody else can find a way to do it without loosing security.
> 3. And finally Squid got XML-answer via HTTP/HTTPS, which is visible by
> squid, and at this moment client got "Login denied, check
> login/password". Whenever right or wrong password.
Okay. That sounds a bit like it could be from something Squid is adding
(or not adding).
Actually seeing those request and reply messages here would help a lot.
Amos
More information about the squid-users
mailing list