Search squid archive

Re: Caching configuration for Squid on Windows

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi

 

We can do Thursday at 12:30 after our SAM meeting

 

 

 

From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> on behalf of Odhiambo Washington <odhiambo@xxxxxxxxx>
Date: Wednesday, 26 May 2021 at 10:36
To: "squid-users@xxxxxxxxxxxxxxxxxxxxx" <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [squid-users] Caching configuration for Squid on Windows

 

 

 

On Wed, May 26, 2021 at 11:32 AM Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx> wrote:

>> >On 22/05/21 2:06 am, Odhiambo Washington wrote:
>> >>I installed this on my Windows 10 but gave up when I could not make
>> >>it to cache anything.
>>
>> On 26.05.21 12:57, Amos Jeffries wrote:
>> >Squid by default uses a memory based cache these days. Unless your
>> >traffic is non-cacheable you should be seeing some things stored there
>> >without any configuration.

>On Wed, May 26, 2021 at 10:18 AM Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx>
>wrote:
>> The main problem is that most of web content it HTTPS, which means it's
>> hardly cacheable outside of web browsers.
>>
>> with https, proxy only sees stream of encrypted data:
>> the "s" in https means "secure" so no third party sees your data.
>>
>> caching it requires decrypting of the connection, which means doing
>> man-in-the-mittle attack.  It requires private certififacion authority
>> installed on squid and in the browser, and for some domains using CAA
>> browsers will still complain, or you'll have to fake DNS CAA records, which
>> is harder with when using DNSSES, DoT or DoH.

On 26.05.21 11:25, Odhiambo Washington wrote:
>In the light of the foregoing, what is the standard way of deploying Squid
>these days?
>Is the use of the ssl_bump becoming standard or no one needs any caching
>within Squid these days so that Squid
>has become a tool for filtering and access control only?

I guess it's the latter.

I personally think in cases of e.g.  public documents where the only privacy
issue is that you know who accesses what content, simpler version of
security could be enough: confirmation of authenticity (the content was not
modified). Such content could be cacheable.

 

Thank you for clarifying this.

So ideally, outbound access control and reverse proxying :) 


 

--

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v "^$|^.*#" :-)

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux