[squid-users] Cisco ASA with transparent Squid with HTTP/HTTPS filtering

Yuri Voinov yvoinov at gmail.com
Wed Dec 14 15:59:56 UTC 2016



14.12.2016 21:08, Rafael Akchurin wrote:
>
> Hello everyone,
>
>  
>
> After pulling all my hair out and reading every possible howto on the
> Internet for Cisco ASA integration with Squid using WCCP I have
> decided to write my own. The howto is at
> https://docs.diladele.com/tutorials/web_filter_https_squid_cisco_wccp/index.html.
> Please note it is aimed at those with minimal admin skills and
> contains every single step thoroughly described (mostly for myself not
> to forget anything).
>
>  
>
> May I get your opinions/ideas if what is written is good enough for
> the novice admin?
>
>  
>
> Moreover, several questions remain:
>
>  
>
> 1.      Does Squid perform fake CONNECT requests with SNI info instead
> of raw IP like I am seeing now?
>
> 2.      Why does HTTPS redirection only work with “wccp2_service_info 70
> protocol=tcp flags=*dst_ip_hash* priority=240 ports=443” (all other
> flags from wccp configuration section in squid.conf do not work).
>
Because the ASA is a router. Cisco routers use HASH as the assignment method.
>
> 3.      How to bypass connections from workstations to specific remote
> sites by FQDN on Cisco ASA?
>
In fact this will occur by IP anyway. Cisco devices do a DNS lookup and
save the IPs in the config instead of the FQDN.
>
> 4.      Or maybe it is better to exclude them (3) from SSL bump on
> Squid using ssl::server_name by splicing?
>
Depends on your requirements.
>
>  
>
> Thanks in advance for everyone who responds.
>
>  
>
> Best regards,
>
> Rafael Akchurin
>
> Diladele B.V.
>
>  
>
> --
>
> Please take a look at Web Safety - our ICAP based web filter server
> for Squid proxy at https://www.diladele.com
>
>
>

-- 
Cats - delicious. You just do not know how to cook them.
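
The pieces discussed in this thread (hash assignment for the HTTPS WCCP service, and option 4, splicing by ssl::server_name), put together as a squid.conf fragment. This is an added example, not part of the original messages or the linked tutorial; the router address, ports, certificate path and domain names are placeholders, and the option names assume Squid 3.5.

```conf
# Added example. All addresses, ports, paths and domains are placeholders.

# --- WCCPv2 registration with the ASA ---
wccp2_router 192.0.2.1            # placeholder: ASA interface Squid registers with
wccp2_forwarding_method gre       # assumed; must match what the ASA side uses
wccp2_return_method gre           # assumed; must match what the ASA side uses
wccp2_assignment_method hash      # hash assignment, as stated in the reply above
wccp2_service standard 0          # well-known web-cache service (HTTP, port 80)
wccp2_service dynamic 70          # dynamic service id used in the thread for HTTPS
wccp2_service_info 70 protocol=tcp flags=dst_ip_hash priority=240 ports=443

# --- Listeners for redirected traffic ---
http_port 3128                    # forward-proxy port for explicit clients
http_port 3129 intercept          # redirected port 80 traffic
https_port 3130 intercept ssl-bump cert=/path/to/proxyCA.pem generate-host-certificates=on

# --- Option 4: splice selected sites by SNI, bump everything else ---
# Intercepted connections arrive with only a destination IP, so peek at
# step 1 to read the TLS ClientHello; after that ssl::server_name can
# match the SNI the client sent.
acl step1 at_step SslBump1
acl no_bump_sites ssl::server_name .bank.example .updates.example
ssl_bump peek step1
ssl_bump splice no_bump_sites     # tunnelled untouched, no certificate mimicking
ssl_bump bump all                 # all other TLS connections are decrypted
```

Splicing at Squid keys on the name the client asked for at connection time, whereas a bypass on the ASA is stored by IP, as the reply to question 3 points out.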