On Tue, Mar 18, 2008, Jon Lewis wrote:
The solution, of course, is to hire consultants (SIBR if possible) to port everything to port 80!
That's been going on for years. Back when it was common for ISPs to run squid servers and transparently proxy to them (probably around 2000), I ran into a customer using some sort of aviation data in real time app which used port 80 (and wasn't HTTP). I had to special case traffic to that service's IP to get it not to hit squid. When I asked them why they were running a non-HTTP protocol on 80/tcp, the answer was "that gets us through most firewalls."
There are patches to Squid to make it silently transparently proxy stuff that doesn't look like HTTP. (I need to make it knob-able before I commit it, as some people -like- having the "must be HTTP" implication of transparent interception.)

Adrian