A feature of Apache Web Server allows anyone to establish an SSH connection through the boundaries of any enterprise network. This is done completly stealthy and undetectably, fooling firewalls, proxyes, and any other enterprise network filtering wildlife. As a matter of fact, virtually any protocol might be tunnelized this way -except, of course, for IPoAC 
. But I will take the example of SSH since it opens a very interesting, wide-spectrum, vector to further analisys.
Quite esoteric, ah? This is how all this black magic work
It is simple, most proxyes will allow outgoing HTTP trafic to any website. Proxys want the users to surf the web. That is their purpose to exist. And that is what we will expliot. But most of the proxyes will only let their users through the paths they know safe (or whatever filtering their administrators may have set). In the best scenario, the proxy will not allow one particular HTTP method called CONNECT. This method is the one used for SSL/TLS protocol. It establishes a tunneled connection between the client and a remote server, through the proxy server. Since it is used by SSL/TLS, some proxys will let the CONNECT method free to certain sites, and most probably only on port 443. This, plus some L7 filtering and maybe some DPI, describes the most secure environment one might ever find inside any enterprise network. On the other hand we have lazy-administrated proxys that will allow you do whatever you want. If this last is your scenario, don’t waste your time reading any further, go use it for some SSH simple tunneling
