<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">2016-06-08 19:09 GMT-03:00 Eliezer Croitoru <span dir="ltr"><<a href="mailto:eliezer@ngtech.co.il" target="_blank">eliezer@ngtech.co.il</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link="blue" vlink="purple" lang="EN-US"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hey Sergio,<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">There are couple approaches to content filtering in the Linux world and in other spaces.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Squid is open source and gives a lot but there are other ideas and ways to perform content filtering.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Squid was designed for caching and does things in a specific way while other solution might give a feature that would work "without interception".<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">On http it is doable to perform filtering in a very efficient way that is similar to Squid's PEEK and SPLICE but there is a need in some level of Interception in one step or another to perform the actual "block" operation.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I do not know about Open Source products that offers everything and it is very simple to understand why.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">What I know about are <u></u><u></u></span></p><p><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><span>-<span style="font:7.0pt "Times New Roman""> </span></span></span><u></u><span dir="LTR"></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Squid + external tools(such as SquidGuard, ufdbguard, others)<u></u><u></u></span></p><p><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><span>-<span style="font:7.0pt "Times New Roman""> </span></span></span><u></u><span dir="LTR"></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Ntop layer 7 filtering<u></u><u></u></span></p><p><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><span>-<span style="font:7.0pt "Times New Roman""> </span></span></span><u></u><span dir="LTR"></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Custom DPI iptables modules<u></u><u></u></span></p><p><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><span>-<span style="font:7.0pt "Times New Roman""> </span></span></span><u></u><span dir="LTR"></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">NFQUEUE based IPS\IDS which can act as a url filtering engine<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Consider that if you require only filtering and not caching then you can get very high performance from many applications.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">The fact that Squid was designed for Caching doesn't mean that you need to use it.<br>Also there are couple cases which caching will hold your line and users speed.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">The best case scenario would be to not Intercept the traffic into squid while in many cases it is not possible.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Eliezer<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial Rounded MT Bold","sans-serif";color:#1f497d">----<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Arial Rounded MT Bold","sans-serif";color:#1f497d"><a href="http://ngtech.co.il/lmgtfy/" target="_blank"><span style="color:#0563c1">Eliezer Croitoru</span></a><br>Linux System Administrator<br>Mobile: +972-5-28704261<br>Email: <a href="mailto:eliezer@ngtech.co.il" target="_blank">eliezer@ngtech.co.il</a><u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><img src="cid:image003.png@01D1C1EB.8E4E8180" border="0" height="69" width="183"><u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><br><div class="h5"><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p class="MsoNormal"><a href="http://www.lpi.org" target="_blank">rg</a></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></blockquote></div><br><br></div><div class="gmail_extra">Thanks Eliezer, good summary. I've changed the subject to reflect better the issue. As far I undestand from documention one can bump https only by interception. <br></div><div class="gmail_extra">But what about if one Windows user login against an Active Directory, will the authenticacion work to use the proxy?<br><br></div><div class="gmail_extra">I mean, what I'd want is:<br><br></div><div class="gmail_extra">- Only users of an Active Directory can use the proxy<br></div><div class="gmail_extra">- Block certains urls<br><br></div><div class="gmail_extra">Is that possible with squid+ufwdbguard?<br><br></div><div class="gmail_extra">Or should I use other tools/ways just like you mentioned?<br><br></div><div class="gmail_extra">Thanks in advance!<br clear="all"></div><div class="gmail_extra"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr">--<br>Sergio Belkin<br>LPIC-2 Certified - <a href="http://www.lpi.org" target="_blank">http://www.lpi.org</a></div></div></div></div>
</div></div>