-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
in-line:
Jerry Talkington wrote:
| On Tue, Jul 26, 2005 at 02:07:02PM -0700, Vicky Rode wrote:
|
|>-----BEGIN PGP SIGNED MESSAGE-----
|>Hash: SHA1
|>
|>Hi,
|>
|>I'm looking for any help in detecting (if possible)
|>*outgoing* client request (see below flow) header information for
|>transparent proxies via some sort of pattern match. Maybe proxy
|>connection tag? Is it doable? So far my search has turned up negative.
|>
|>web browser ----------------> proxy ---------------> web server
|>~ <--------------- <--------------
|
|
| I'm not sure I understand where you are trying to detect this. If you
| mean that you want to find a difference in how the client makes requests
| to the transparent proxy, then that's not possible, because there is no
| difference. Clients have no idea that a proxy is involved until the
| response comes back, so there is no CONNECT request, or any other
| changes to the request.
- -------------
I'm trying to detect outgoing traffic right before it the the core router.
~From what I've gathered briefly the requests to a proxy differ
from normal requests in one way: in the first line, they use the
complete URL of the resource being requested, instead of just the path.
Is this correct?
|
| It is usually possible for the client to detect that a proxy has been
| involved after the first response comes back, but I'm not aware of any
| client that changes behavior if it detects a transparent proxy. In
| fact, it would be pretty reckless to change behavior in that scenario,
| since you can't be sure that the next request is going to hit a proxy.
- ----------------
I'm not sure if the proxy leaks some kind of fingerprint on the return
traffic?
regards,
/vicky
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC5rOupbZvCIJx1bcRAqeOAJ9CSn+rhaNwXh+so0Dp8hU1YAaPAQCg4lFw
S385OevxlTMCEe7s6uZvrGE=
=RKLw
-----END PGP SIGNATURE-----