[squid-users] Recommended squid settings when using IPS-based domain blocking
Grant Taylor
gtaylor at tnetconsulting.net
Thu Mar 7 02:21:05 UTC 2024
On 3/6/24 08:48, Jason Marshall wrote:
> We have been using squid (version squid-5.5-6.el9_3.5) under RHEL9 as a
> simple pass-through proxy without issue for the past month or so.
> Recently our security team implemented an IPS product that intercepts
> domain names known to be associated with malware and ransomware command
> and control. Once this was in place, we started having issues with the
> behavior of squid.
Can you get a feed of the verboten domains from the team and configure
Squid to block such requests, thereby eliminating the need to do the DNS
lookup?
--
Grant. . . .
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4033 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240306/a024d20e/attachment.bin>
More information about the squid-users
mailing list