[squid-users] Clarification on icap
Alex Rousskov
rousskov at measurement-factory.com
Mon Sep 26 14:52:26 UTC 2016
On 09/26/2016 08:43 AM, James Lay wrote:
> So, from what I've read, it appears that
> squid sends the data to a listening ICAP/eCAP service, which in turn the
> IDS can access, depending on the IDS...is that about right?
Not exactly.
Yes, Squid sends the message to the adaptation service ("listening" is
not a good verb for eCAP because, unlike ICAP, eCAP services are not
network services but "plugins" or libraries).
No, the IDS does not normally come to the adaptation service for
messages. Normally, the adaptation service itself needs to give IDS the
data. How that is done depends on the IDS interfaces, of course.
On a logical level, the message is transmitted using the following chain:
Squid -> adaptation service -> IDS
And the allow/block decision (if any) is transmitted in the opposite
direction:
Squid <- adaptation service <- IDS
Alex.
More information about the squid-users
mailing list