[squid-users] Caching configuration for Squid on Windows

Alex Rousskov rousskov at measurement-factory.com
Wed May 26 18:32:20 UTC 2021 

On 5/26/21 4:25 AM, Odhiambo Washington wrote:
> 
> On Wed, May 26, 2021 at 10:18 AM Matus UHLAR wrote:
> 
>     >On 22/05/21 2:06 am, Odhiambo Washington wrote:
>     >>I installed this on my Windows 10 but gave up when I could not make
>     >>it to cache anything.
> 
>     On 26.05.21 12:57, Amos Jeffries wrote:
>     >Squid by default uses a memory based cache these days. Unless your
>     >traffic is non-cacheable you should be seeing some things stored there
>     >without any configuration.
> 
>     The main problem is that most of web content it HTTPS, which means it's
>     hardly cacheable outside of web browsers.
> 
>     with https, proxy only sees stream of encrypted data:
>     the "s" in https means "secure" so no third party sees your data.
> 
>     caching it requires decrypting of the connection, which means doing
>     man-in-the-mittle attack.  It requires private certififacion authority
>     installed on squid and in the browser, and for some domains using CAA
>     browsers will still complain, or you'll have to fake DNS CAA
>     records, which
>     is harder with when using DNSSES, DoT or DoH.

  
> In the light of the foregoing, what is the standard way of deploying
> Squid these days?
> Is the use of the ssl_bump becoming standard or no one needs any caching
> within Squid these days so that Squid
> has become a tool for filtering and access control only?
  

There is no one "standard way" to deploy such versatile software like
Squid: Some deployments bump as much as they can while caching nothing.
Some encrypt everything and cache a lot. There are forward/interception
proxies versus reverse proxies. SaaS proxies versus highly customized
corporate deployments versus in-home installations. Deployments that
contribute a lot to the Squid Project versus those that we have never
heard of. And everything in between.

In most cases, the "standard" does not really matter. Focus on _your_
needs and make sure they can be and are supported well.

Alex.

More information about the squid-users mailing list