[squid-users] On what methods does url filtering needs to apply?
Eliezer Croitoru
eliezer at ngtech.co.il
Mon Sep 28 19:25:23 UTC 2015
Thanks Marcus,
In this case I do not care about malware in the OPTIONS,HEAD or PUT methods.
And it seems like this is the main different between a basic abusive
content filtering(leaving the abusive definition abstract) and a
security product which meant to block malware.
I still suspect that if there is no access using the GET and POST
methods it is most likely that the malware will not be there from the
first place but it is not guaranteed.
So from a business point of view, in most cases inspection of all
traffic is a requirement of security.
For example, in a health care facility the ACLs are to ensure security
and also to block abusive content and there should be a requirement to
inspect all traffic.
While on an ISP it might not be required.
Eliezer
On 28/09/2015 21:58, Marcus Kool wrote:
> "content filtering" may filter only content while a generic filter may
> filter anything
> including malware that uses PUT, OPTION and/or HEAD to upload credit
> card data.
>
> So it depends on what you want to filter. If it is downloadable content
> only, you can stick with filtering GET POST CONNECT.
>
> Marcus
More information about the squid-users
mailing list