[squid-users] Somewhat OT: Content Filter with https

Eliezer Croitoru eliezer at ngtech.co.il
Wed Jun 8 22:09:22 UTC 2016

Hey Sergio,


There are couple approaches to content filtering in the Linux world and in other spaces.

Squid is open source and gives a lot but there are other ideas and ways to perform content filtering.

Squid was designed for caching and does things in a specific way while other solution might give a feature that would work "without interception".

On http it is doable to perform filtering in a very efficient way that is similar to Squid's PEEK and SPLICE but there is a need in some level of Interception in one step or another to perform the actual "block" operation.

I do not know about Open Source products that offers everything and it is very simple to understand why.

What I know about are 

-          Squid + external tools(such as SquidGuard, ufdbguard, others)

-          Ntop layer 7 filtering

-          Custom DPI iptables modules

-          NFQUEUE based IPS\IDS which can act as a url filtering engine


Consider that if you require only filtering and not caching then you can get very high performance from many applications.

The fact that Squid was designed for Caching doesn't mean that you need to use it.
Also there are couple cases which caching will hold your line and users speed.


The best case scenario would be to not Intercept the traffic into squid while in many cases it is not possible.





 <http://ngtech.co.il/lmgtfy/> Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Sergio Belkin
Sent: Wednesday, June 8, 2016 11:06 PM
To: Squid Users
Subject: [squid-users] Somewhat OT: Content Filter with https



I've been using a few years ago squid+dansguardian. But nowadays, DG is not maintained anymore. I know that exists squidGuard, ufdbGuard, and e2guardian.

Features should be:


- Blocking https url's

- Not need of interception..... is that possible?

- Simple for configure  and good perfomance

What do you recommend me?

Thanks in advance!


Sergio Belkin
LPIC-2 Certified - http://www.lpi.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160609/610e06fa/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 11308 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160609/610e06fa/attachment-0001.png>

More information about the squid-users mailing list