[squid-users] Caching configuration for Squid on Windows
Odhiambo Washington
odhiambo at gmail.com
Wed May 26 08:33:59 UTC 2021
On Wed, May 26, 2021 at 11:32 AM Matus UHLAR - fantomas <uhlar at fantomas.sk>
wrote:
> >> >On 22/05/21 2:06 am, Odhiambo Washington wrote:
> >> >>I installed this on my Windows 10 but gave up when I could not make
> >> >>it to cache anything.
> >>
> >> On 26.05.21 12:57, Amos Jeffries wrote:
> >> >Squid by default uses a memory based cache these days. Unless your
> >> >traffic is non-cacheable you should be seeing some things stored there
> >> >without any configuration.
>
> >On Wed, May 26, 2021 at 10:18 AM Matus UHLAR - fantomas <
> uhlar at fantomas.sk>
> >wrote:
> >> The main problem is that most of web content it HTTPS, which means it's
> >> hardly cacheable outside of web browsers.
> >>
> >> with https, proxy only sees stream of encrypted data:
> >> the "s" in https means "secure" so no third party sees your data.
> >>
> >> caching it requires decrypting of the connection, which means doing
> >> man-in-the-mittle attack. It requires private certififacion authority
> >> installed on squid and in the browser, and for some domains using CAA
> >> browsers will still complain, or you'll have to fake DNS CAA records,
> which
> >> is harder with when using DNSSES, DoT or DoH.
>
> On 26.05.21 11:25, Odhiambo Washington wrote:
> >In the light of the foregoing, what is the standard way of deploying Squid
> >these days?
> >Is the use of the ssl_bump becoming standard or no one needs any caching
> >within Squid these days so that Squid
> >has become a tool for filtering and access control only?
>
> I guess it's the latter.
>
> I personally think in cases of e.g. public documents where the only
> privacy
> issue is that you know who accesses what content, simpler version of
> security could be enough: confirmation of authenticity (the content was not
> modified). Such content could be cacheable.
Thank you for clarifying this.
So ideally, outbound access control and reverse proxying :)
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v "^$|^.*#" :-)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210526/32b62f97/attachment.htm>
More information about the squid-users
mailing list