Re: [squid-users] Squid wont work when removing DG

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Wed, 22 Jan 2014 13:34:48 +0200

Hey,

The main issue is that using DG with squid might lead to an issue.
The basic issue is two proxies per connection which is almost the same
as ICAP service else then the ICAP service doesn't care for real in most
cases what are the TCP levels of the connection.

Handling SSL encrypted sessions by default is not the best thing to do.
It is indeed being done and being used but it's one of the things that
can be identified with even almost a naked human eyes.

In the cases that there are ip addresses which are using a combination
of client and server side certificates the option to intercept it drops
to a trizillion percent of success(if even possible).

If there is a way to analyze the network usage it will be quite simple
to implement the right solution.
On the cases which there is not way to first know the load and the
traffic I would not use DG but squid as the main classification tool.

Eliezer

On 21/01/14 19:56, Rafael Akchurin wrote:
> Hello,
>
> May be it is time to look into ICAP web filtering server for Squid?
> As an example see a short howto -http://www.howtoforge.com/filtering-https-traffic-with-squid.
>
> Best regards,
> Sich
Received on Wed Jan 22 2014 - 11:40:19 MST

This archive was generated by hypermail 2.2.0 : Wed Jan 22 2014 - 12:00:05 MST