This signature is to detect HTTP proxy connections. The signature will be triggered in two conditions: 1. If an HTTP CONNECT request is used on a non-443 port 2. If an HTTP URL contains http:// string. HTTP proxy activity doesn't necessarily indicate an attack, but it could be used to evade content inspection and other intrusion detection.
Risk
Medium
Popularity
High
Characteristic
Loss of productivity? Have disclosed vulnerability? Can bypass firewall policy? Contain built-in function for other purposes? Can communicate in clear text or via proxy? Can support file transfer? Can be misused? Can tunnel other apps?