Currently in our proxy deployment it is possible to tunnel SSH through our proxy.
It seems the WSA does not check at the protocol level whether the request is legitimate HTTP/HTTPS traffic.
Is there a way to configure the proxy so that it prevents SSH from being tunneled through the HTTP proxy over ports 443/80?
Currently the WSA is configured as an HTTP explicit forwarding proxy.
Example log of tunneled SSH traffic:
1518797208.150 3030787 172.19.95.113 TCP_MISS/200 4712084 CONNECT tunnel://88.159.209.181:443/ "xxxx@GDS" DIRECT/88.159.209.181 - DEFAULT_CASE_12-POLICY_WRK_ALL_USERS-ID_WRK_AUTH-NONE-NONE-NONE-DefaultGroup <nc,-3.5,1,"-",-,-,-,1,"-",-,-,-,"-",1,-,"-","-",-,-,nc,-,"-","-","Unknown","Unknown","-","-",12.44,0,-,"-","-",1,"-",-,-,"-","-"> - Auth Method: NONE, Auth Wait: 0, DNS Wait: 0, RepScore: 0, Destination: 88.159.209.181 443, Time: 2018-02-16 16:06:48, DenialCode: TCP_MISS
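
For triage of access logs like the entry above, the following added example (not part of the original post, and not Cisco code) parses the leading fields of each line and flags CONNECT tunnels that show at least two of three indicators: an IP-literal destination, a long-lived session, and a large transfer. The thresholds and the two-indicator rule are assumptions, and a match marks a tunnel for review rather than proving it carries SSH.

```python
import ipaddress
import re

# Leading fields of a WSA access log line, in the layout of the post's sample.
LINE_RE = re.compile(
    r'^(?P<ts>\d+\.\d+)\s+(?P<elapsed_ms>\d+)\s+(?P<client>\S+)\s+'
    r'(?P<result>\w+)/(?P<status>\d+)\s+(?P<size>\d+)\s+'
    r'(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>"[^"]*"|\S+)')
TUNNEL_RE = re.compile(r'^tunnel://(?P<host>\[[^\]]+\]|[^:/]+):(?P<port>\d+)/?$')

# Assumed triage thresholds; tune them to the environment.
MIN_ELAPSED_MS = 10 * 60 * 1000   # tunnel held open for 10 minutes or more
MIN_BYTES = 1_000_000             # 1 MB or more transferred

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip('[]'))
        return True
    except ValueError:
        return False

def review_tunnels(lines):
    """Return established CONNECT tunnels matching at least two indicators."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        t = m and TUNNEL_RE.match(m['url'])
        if not t or m['method'] != 'CONNECT' or m['status'] != '200':
            continue
        reasons = []
        if is_ip_literal(t['host']):
            reasons.append('destination is an IP literal')
        if int(m['elapsed_ms']) >= MIN_ELAPSED_MS:
            reasons.append('long-lived tunnel')
        if int(m['size']) >= MIN_BYTES:
            reasons.append('large transfer')
        if len(reasons) >= 2:
            findings.append({'client': m['client'], 'user': m['user'].strip('"'),
                             'dest': f"{t['host']}:{t['port']}", 'reasons': reasons})
    return findings

# First line: leading fields of the post's log entry. The rest are constructed samples.
SAMPLE = [
    '1518797208.150 3030787 172.19.95.113 TCP_MISS/200 4712084 CONNECT tunnel://88.159.209.181:443/ "xxxx@GDS" DIRECT/88.159.209.181 -',
    '1518797300.000 1200 192.0.2.10 TCP_MISS/200 35000 CONNECT tunnel://www.example.com:443/ "user1@GDS" DIRECT/www.example.com -',
    '1518797400.000 95 192.0.2.11 TCP_MISS/200 5120 GET http://www.example.com/ "user2@GDS" DIRECT/www.example.com text/html',
]

print(review_tunnels(SAMPLE))
```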