On 2016-09-26 08:52, Alex Rousskov wrote:
On 09/26/2016 08:43 AM, James Lay wrote:
So, from what I've read, it appears that
squid sends the data to a listening ICAP/eCAP service, which in turn
the
IDS can access, depending on the IDS...is that about right?
Not exactly.
Yes, Squid sends the message to the adaptation service ("listening" is
not a good verb for eCAP because, unlike ICAP, eCAP services are not
network services but "plugins" or libraries).
No, the IDS does not normally come to the adaptation service for
messages. Normally, the adaptation service itself needs to give IDS the
data. How that is done depends on the IDS interfaces, of course.
On a logical level, the message is transmitted using the following
chain:
Squid -> adaptation service -> IDS
And the allow/block decision (if any) is transmitted in the opposite
direction:
Squid <- adaptation service <- IDS
Alex.
Beautiful...just what I needed. Last question...any recommended open
source ICAP/eCAP services that squid works well with? Thanks again.
James
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
