Hey,
The main issue is that using DG with squid might lead to an issue.
The basic issue is two proxies per connection which is almost the same
as ICAP service else then the ICAP service doesn't care for real in most
cases what are the TCP levels of the connection.
Handling SSL encrypted sessions by default is not the best thing to do.
It is indeed being done and being used but it's one of the things that
can be identified with even almost a naked human eyes.
In the cases that there are ip addresses which are using a combination
of client and server side certificates the option to intercept it drops
to a trizillion percent of success(if even possible).
If there is a way to analyze the network usage it will be quite simple
to implement the right solution.
On the cases which there is not way to first know the load and the
traffic I would not use DG but squid as the main classification tool.
Eliezer
On 21/01/14 19:56, Rafael Akchurin wrote:
Hello,
May be it is time to look into ICAP web filtering server for Squid?
As an example see a short howto -http://www.howtoforge.com/filtering-https-traffic-with-squid.
Best regards,
Sich
