[squid-users] Re: ICAP (was: Squid+AntiVirus+Content Filtering)

From: Christoph Haas <email@dont-contact.us>
Date: Mon, 5 May 2003 09:17:19 +0200

I wrote:
> # I also tried to access other proxies using ICAP to shorten the proxy
> # chain. But I would not really recommend using ICAP yet.

On Mon, May 05, 2003 at 08:23:48AM +0200, Boosten, Peter wrote:
> Could you elaborate on this remark? We're planning to circumvent our
> virusscanner for several sorts of downloads, like https-traffic, jpegs,
> etc, to increase performance, yet we want .exe's etc. to pass our
> virusscanner.

I need the same, too. We use squid_ldap_group with external_acl
to set a number of important permissions for our users. The key problem
is that as soon as the request is forwarded to Squid's parent in the
proxy chain I have no more control over what's URL filtered or
virus scanned. Even having external ACLs control what parent proxy
is used would help. But Squid has some flaws in where external_acl
can be used (parent selection, http_reply). So I guess we will have
to wait and pray to Hendrik. :)

> Why not use ICAP (yet)?

We are working with WebWasher as a URL filter (quite expensive).
Their first versions included patches for Squid to build
WebWasher support directly into Squid as an ACL. As there is iCAP
as an upcoming standard they stopped maintaining the patches. So
much for the history.

Their first production setup using Squid and iCAP was at a large
German bank. Unfortunately it looked like Squid (even in the
current versions) can handle a few dozen requests and then hangs.
After a few days of testing they decided that Squid is still too
unstable to run iCAP.

I must admit that I did not try it myself.

> Thanks for your answer.

If you find a solution or find out that Squid is ready for iCAP
then let me know. Our proxy chain gives me a headache. ;)

 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All
Received on Mon May 05 2003 - 01:17:24 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:15 MST