
Re: Cisco ASA with transparent Squid with HTTP/HTTPS filtering


 





14.12.2016 21:59, Yuri Voinov wrote:



14.12.2016 21:08, Rafael Akchurin wrote:

Hello everyone,

 

After pulling all my hair out and reading every possible how-to on the Internet for Cisco ASA integration with Squid using WCCP, I have decided to write my own. The how-to is at https://docs.diladele.com/tutorials/web_filter_https_squid_cisco_wccp/index.html. Please note it is aimed at those with minimal admin skills and contains every single step thoroughly described (mostly for myself not to forget anything).

Raf, one more note. WCCP is never easy for junior admins, especially with minimal admin skills. Same as with the ASA ;) And (in my own opinion) Squid + WCCP for any infrastructure has never been a simple task and will never be a simple task. ;) Warn your readers, do not mislead them as though it were a very simple task.

 

May I get your opinions/ideas on whether what is written is good enough for the novice admin?

 

Moreover, several questions remain:

 

1.      Does Squid perform fake CONNECT requests with SNI info instead of raw IP like I am seeing now?

2.      Why does HTTPS redirection only work with “wccp2_service_info 70 protocol=tcp flags=dst_ip_hash priority=240 ports=443” (all other flags from the wccp configuration section in squid.conf do not work)?

Because the ASA is a router. Cisco routers use HASH as the assignment method.

3.      How to bypass connections from workstations to specific remote sites by FQDN on Cisco ASA?

In fact, this will occur by IP anyway. Cisco devices do a DNS lookup and save IPs in the config instead of the FQDN.

4.      Or maybe it is better to exclude them (3) from SSL bump on Squid using ssl::server_name by splicing?

Depending on your requirements.

 

Thanks in advance to everyone who responds.

 

Best regards,

Rafael Akchurin

Diladele B.V.

 

--

Please take a look at Web Safety - our ICAP based web filter server for Squid proxy at https://www.diladele.com



_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

--
Cats - delicious. You just do not know how to cook them.


Attachment: 0x613DEC46.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

