Block CONNECT method
Summary:
The HTTP proxy of Astaro Security Linux has an optional feature titled “Block CONNECT method on HTTP port:”. When activated, it instructs the proxy to service only ‘POST’ and ‘GET’ requests and to reject all other types of commands sent through the proxy. Some types of programs, such as Peer-to-Peer, Instant Messaging, and Spyware, attempt to reach the Internet by issuing a connection request (CONNECT) through the HTTP proxy. With the proxy restricted to ‘POST’ and ‘GET’ requests, these programs are largely prevented from connecting to the Internet, while normal web page traffic proceeds unimpeded.
While this option has none of the fine granularity of the Intrusion Protection System, it does offer a way to globally disable many types of programs that admins seek to deny, or would otherwise spend time blocking by destination IP address using the Packet Filter. If this option mistakenly blocks a program that is needed, it is best to disable the option and perform a more specialized configuration using Astaro’s Intrusion Protection.
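Before enabling the option, it helps to know which internal clients would be affected. The following is an added example, not part of the original article or Astaro's software: it applies the rule described above (only GET and POST are serviced) to proxy log lines and lists the requests that would be rejected per client. The log layout (Squid's native access.log format) and all sample lines are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Per the article: with the option on, only GET and POST are serviced.
ALLOWED_METHODS = {"GET", "POST"}

# Constructed sample lines in Squid's native access.log layout (assumed format):
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1100000000.101 120 192.168.1.10 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/203.0.113.5 text/html
1100000001.202 95 192.168.1.10 TCP_MISS/200 310 POST http://www.example.com/form - DIRECT/203.0.113.5 text/html
1100000002.303 60010 192.168.1.23 TCP_MISS/200 48211 CONNECT im.example.net:5190 - DIRECT/198.51.100.7 -
1100000003.404 30500 192.168.1.23 TCP_MISS/200 9920 CONNECT p2p.example.org:6346 - DIRECT/198.51.100.9 -
1100000004.505 80 192.168.1.31 TCP_MISS/200 0 HEAD http://www.example.com/a.zip - DIRECT/203.0.113.5 -
this line is malformed
"""

def audit(log_text):
    """Return (rejected count per client, (method, target) set per client, skipped lines)."""
    rejected = Counter()
    targets = defaultdict(set)
    skipped = 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:          # too short to hold client, method and URL
            skipped += 1
            continue
        client, method, url = fields[2], fields[5].upper(), fields[6]
        if method in ALLOWED_METHODS:
            continue                 # normal web traffic, unaffected by the option
        rejected[client] += 1
        targets[client].add((method, url))
    return rejected, targets, skipped

if __name__ == "__main__":
    rejected, targets, skipped = audit(SAMPLE_LOG)
    for client, count in rejected.most_common():
        print(f"{client}: {count} request(s) would be rejected")
        for method, url in sorted(targets[client]):
            print(f"    {method} {url}")
    print(f"skipped {skipped} unparseable line(s)")
```

Clients that appear in the output with a business-critical destination are the candidates for the more specialized Intrusion Protection configuration the article recommends.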



