Neil Harris wrote:
How about doing SSL via a non-standard port, which will miss the proxies _if_ the transparent proxying simply uses packet filtering at the network side to detect proxyable traffic?
For example:
https://en.wikipedia.org:32//w/index.php?title=Example article&action=submit
(32 being an officially unassigned port number)
How about we worry about that when we actually see such a case?
Come to that, if they're just packet-filtering off the proxyable traffic, we may not even need to bother with the https: -- just use a non-standard port number for _all_ form submissions from AOL members, and set a cookie with that address so they can see their messages.
I tried that already, I sent an AOL user to my webserver on port 81, the request came via the proxy. I assume traffic is marked proxyable by the AOL client. Either that or 81 is filtered in the same way as 80, I didn't try it with a random port.
Of course, we can theorize forever about what AOL's network does or does not do... some actual experiments would be likely to find out what the actual state of affairs is.
I seem to be ahead of you here. SSL works, HTTP port 81 doesn't.
Incidentally, if you go to https://en.wikipedia.org/, you get a slightly surprising result...
Connection refused? Is that surprising?
-- Tim Starling