Hi,
Is it possible to look at the outgoing client-proxy request headers and tell whether it's proxy related used under the following proxy scenarios. The goal is to (a) identify wether the outgoing traffic is proxy and if possible, look into the request and filter traffic based on its contents.
a. users (user-agent) to non-SSL HTTP proxies b. users (user-agent) to SLL HTTP proxy (encrypted)
My findings have been that since the traffic is being redirected via the content filter (open-source), I could possibly enable proxy server on it that would support SSL tunneling CONNECT extension method and identify (via CONNECT)/filter traffic.
I'm not sure what I can get out of SSL proxing packets since it creates a secure connection (encrypted session) between client and server.
Any insight will be appreciated.
regards, /vicky