Hey, I have been thinking about defining a specific way that will tag connections with an APP ID for simplicity. For example I have just seen couple support websites of web systems vendors that provide their domains and ip addresses. The basic example would be: https://help.pluralsight.com/help/ip-allowlist Which provides the next basic info: *.pluralsight.com *.typekit.com # Video CDN vid.pluralsight.com vid5.pluralsight.com vid20.pluralsight.com vid21.pluralsight.com vid30.pluralsight.com # Excertises files ip-video-course-exercise-files-us-west-2.s3.us-west-2.amazonaws.com So it means that technically if I have this defined somewhere I can run an external acl helper that will get all the details of the request and will tag the request and/or connection with an APP ID that can be allowed or denied by the next external acl helper in the pipe line. The next access log: https://www.ngtech.co.il/squid/pluralsight-access-log.txt is a bit redacted but still contains the relevant log lines. So the relevant ACL options are: http_access Allow/deny TLS Splice/bump Dst_ip - APP ID Src_ip - Allow/Deny/others Cache allow/deny I would assume that every request with the dstdomain: .pluralsight.com ip-video-course-exercise-files-us-west-2.s3.us-west-2.amazonaws.com Or SNI regex: \.pluralsight\.com$ ^ip-video-course-exercise-files-us-west-2\.s3\.us-west-2\.amazonaws\.com$ Should 100% be tagged with a pluralsight APP ID tag. It would be a similar idea with goolge/gmail/Microsoft/AV/others And since it's a very simple and re-producible APP ID tagging technique it can be simplified into a set of helpers. So first, what do you as a squid user think about it? Can you and others help me work on a simple project that will help with this specific idea? A list of applications ID might be a good starter for the first POC/Development process. One place I have seen a similar implementation would be: https://github.com/ntop/nDPI/blob/dev/src/include/ndpi_protocol_ids.h I think that the goal would be that it would be possible to use an API that will be able to change a rule or a ruleset per client paired with a protocol. Much like in a FW rules the helper would be able to run a query against a small embedded json/other dbase/base that will contain all the relevant details of the apps And another part of it would be to contain the ruleset itself. So for example a definition of: Match: client, appID, verdict(allow/deny) Match: client, appID, verdict(bump/splice) Match: dst, appID, verdict(allow/deny).. Would be pretty simple to define by the proxy admin. Let me know how can you help with this project. Thanks, Eliezer ---- Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1ltd@xxxxxxxxx _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
