[squid-users] Squid web isolation
Grant Taylor
gtaylor at tnetconsulting.net
Mon Nov 14 17:30:01 UTC 2022
On 11/14/22 10:08 AM, Alex Rousskov wrote:
> AFAICT, "Web Isolation" requires rewriting HTTP responses. Yes, Squid
> can use an ICAP/eCAP content adaptation service to rewrite HTTP
> responses.
I feel like just saying Web Isolation rewrites HTTP responses is about
like saying you're going to experience moisture when standing in front
of a tidal wave. Is it true? Yes. Does it convey scope? Not even
remotely.
Aside: I think the fact that Web Isolation uses JavaScript is ironic.
> However, you would need to find or create a service that implements
> the guts of what Symantec calls "Web Isolation". I doubt you will
> find similar open source services.
Ya.... It seems as if Web Isolation does a full render of the requested
page in a sandbox / custom web browser hostsed on the Web Isolation
infrastructure and sends a responsive representation thereof to clients
for use / interaction with. This is all done in the context of an HTTP
reqeust (over HTTP and / or HTTPS?) in a seemingly very transparent way.
This infrastructure to do the rendering and recomposition to generate
and send the inew faximily to the client is WAY beyond what Squid is
designed to do.
I agree that this probably could be done through content adaptation.
But this seems like it is an entire product / industry unto itself.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4017 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20221114/a95ac096/attachment-0001.bin>
More information about the squid-users
mailing list