Proxy - content filter related

[noc ops <aptgetd () gmail com>]

Hi,


I'm not sure if my previous e-mail made it the list as I didn't see it. 
Anyway, here it is again and my apologies for any duplication.


Is it possible to look at the *outgoing* client-proxy request headers 
(w/o going through a local proxy server) in order to identify/block 
proxy related traffic?

a. users (user-agent) to non-SSL HTTP proxies
b. users (user-agent) to SLL HTTP proxy (encrypted)

Since the traffic is being redirected (transparently) via school's
content filter appliance (open-source product), does it make sense to 
enable proxy so that the appliance provides SSL & non-SSL tunneling 
CONNECT extension method, so that we can identify (via CONNECT) and 
filter traffic (via keyword). Is it a worthwhile effort?

I can't see any other way to address proxy related traffic (google web 
accelerator as an example) which is currently bypasses our content 
filter based on egress traffic. Unless I perform deep packet inspection, 
look for incoming response, which might slow things down since filtering 
is being done in the software.

I'm not sure what I can get out of SSL proxy packets since it creates
a secure connection (encrypted session) between client and server but
any thoughts will be greatly appreciated.

The purpose of this is to inspect/block naughty sites which students
access using third party proxies to bypass school's content filter(s). 
I'm trying to help a public school with this issue and any help will be 
awesome!

Any pointers to any in-depth papers or books which talks about proxies
in depth will be excellent.


Appreciate your time/help.



regards,
/vicky





_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards