On 30/07/2013 9:28 p.m., csn233 wrote:
>> Please use "reply all" instead of "reply"!
>>
>> For intercepted proxy, you only use HTTP/HTTPS interception. So browser
>> will access FTP site directly. (Unless you have blocked/redirected FTP port)
>>
>> Amm.
>
> Clicked wrong button... It's to do with the requirement to log all
> traffic, including FTP, as well as the caching benefits.

As stated that requirement is impossible to implement via Squid. You
need to chop it down to a smaller size. In particular there are many
overheads in the TCP/IP layer and in other non-HTTP protocols which
Squid cannot measure nor log. Only the system firewall and related
Layer-2 software has sufficient access to all the information a full
measurement needs.

For all protocols other than plain-text HTTP there are *no* caching
benefits from Squid. Squid will simply *add* overheads of processing and
possibly some few hundred bytes necessary to set up CONNECT tunnels to
peers. Unless you are using ssl-bump to decrypt HTTPS into plain-text
HTTP for Squid's usage it is also one of those other protocols where you
get no caching benefit - because everything a cache needs to use is
locked away inside the encryption.

NP: adding SSL-bump just to get a measurement is a very bad reason to do
it on a production proxy. Better to accept that HTTPS has no cache gains
and leave it for now.

Amos
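
The split described in the reply above can be checked against a proxy's own access.log. The following is an added example, not code from this thread or from the Squid project: it assumes Squid's default native log format, and the log lines, hosts and the `summarize` helper are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log format (not real traffic):
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1375176480.123    245 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/index.html - DIRECT/93.184.216.34 text/html
1375176481.456      3 192.168.1.10 TCP_HIT/200 20480 GET http://example.com/logo.png - NONE/- image/png
1375176482.789  61020 192.168.1.11 TCP_MISS/200 734003 CONNECT secure.example.net:443 - DIRECT/203.0.113.7 -
1375176483.001  90311 192.168.1.12 TCP_MISS/200 1200000 CONNECT mail.example.org:443 - DIRECT/203.0.113.9 -
1375176484.222      1 192.168.1.10 TCP_MEM_HIT/200 4096 GET http://example.com/style.css - NONE/- text/css
"""


def summarize(log_text):
    """Group logged traffic into plain HTTP, CONNECT tunnels and other URL schemes.

    Returns {category: {"requests": n, "bytes": n, "hit_bytes": n}}.
    """
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "hit_bytes": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or non-native line
        result_code = fields[3].split("/")[0]
        try:
            size = int(fields[4])
        except ValueError:
            continue  # size field is not a number, skip the line
        method, url = fields[5], fields[6]
        if method == "CONNECT":
            category = "tunnel"  # opaque to the cache: only host:port and byte count
        elif url.lower().startswith("http://"):
            category = "http"
        else:
            category = "other"  # e.g. ftp:// URLs explicitly sent to the proxy
        entry = stats[category]
        entry["requests"] += 1
        entry["bytes"] += size
        if "HIT" in result_code:  # TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...
            entry["hit_bytes"] += size
    return dict(stats)


if __name__ == "__main__":
    for category, entry in summarize(SAMPLE_LOG).items():
        ratio = entry["hit_bytes"] / entry["bytes"] if entry["bytes"] else 0.0
        print(f"{category:7} requests={entry['requests']} bytes={entry['bytes']} "
              f"byte-hit-ratio={ratio:.1%}")
```

Traffic that never passes through the proxy, such as FTP from an intercepted client, does not appear in this log at all and has to be counted at the firewall.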