[squid-users] On what methods does url filtering needs to apply?

Eliezer Croitoru eliezer at ngtech.co.il
Mon Sep 28 19:25:23 UTC 2015


Thanks Marcus,

In this case I do not care about malware in the OPTIONS,HEAD or PUT methods.
And it seems like this is the main different between a basic abusive 
content filtering(leaving the abusive definition abstract) and a 
security product which meant to block malware.
I still suspect that if there is no access using the GET and POST 
methods it is most likely that the malware will not be there from the 
first place but it is not guaranteed.
So from a business point of view, in most cases inspection of all 
traffic is a requirement of security.
For example, in a health care facility the ACLs are to ensure security 
and also to block abusive content and there should be a requirement to 
inspect all traffic.
While on an ISP it might not be required.

Eliezer

On 28/09/2015 21:58, Marcus Kool wrote:
> "content filtering" may filter only content while a generic filter may
> filter anything
> including malware that uses PUT, OPTION and/or HEAD to upload credit
> card data.
>
> So it depends on what you want to filter. If it is downloadable content
> only, you can stick with filtering GET POST CONNECT.
>
> Marcus



More information about the squid-users mailing list