How are you all handling the Verified By Visa and other payment verification systems? Ive had a few idea, but no concrete fix.
Somehow use a L7 filter to add HTTPS:// requests from users I know are on my payment page
Enable all SSL sites, and then block good ones in walled garden (Will result in lots of users getting free access)
Run L7 rules to log all SSL over time and build up a known list of VbV servers.
Log users in for x minutes once they hit the payments page. (i hate this idea)
Anyone have any other solutions?
If we went down the logging of all known SSL verified by visa sites, we could get some public domain scripts going and plug them into a webserver to allow a centralised list of known servers/ip. Just a thought