[squid-users] peek and splice content inspection question
yvoinov at gmail.com
Thu Aug 13 21:15:46 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
14.08.15 2:56, Alex Rousskov пишет:
> On 08/13/2015 09:38 AM, Amos Jeffries wrote:
>> On 14/08/2015 12:47 a.m., Marko Cupać wrote:
>>> Is it possible - by means of squid's peek and splice feature - to
>>> inspect file extensions and mime types of https traffic? Can bumped
>>> https traffic be forwarded to icap (squidclamav) for AV scanning?
>> Doing so is the features intended purpose.
> And you may be able to use either Secure ICAP (Squid 4) or the eCAP
> ClamAV adapter for AV scanning without transmitting bumped messages over
> plain text ICAP connections.
Yet another solution is not transmit any over net. Just setup all
services on blade system or one box.
>> if I just send traffic to squidclamav on icap
>> tcp port, then I don't store usernames and passwords or private emails
>> in cache?
> Squid caching is not related to AV scanning. If you do not disable
> caching, Squid will cache cachable responses. IIRC, the code making the
> cachability decision does not check whether the response was bumped.
> However, you may configure it to do so using the "cache" directive:
> Said that, most responses with private information should not be
> cachable by default because the server should mark them as such.
... and we ignore them due to abuse of server owners no-cache directives
when we fight for increase hit-ratio. There is millions cache-unfriendly
web servers, starting from Google...
> The current eCAP ClamAV adapter [temporary] stores message bodies on
> disk to pass them to the ClamAV library for analysis. I do not know
> about squidclamav.
> squid-users mailing list
> squid-users at lists.squid-cache.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the squid-users