Hey, Depends on your needs but from my experience the most simple solution would be external_acl helper. I have used all 3 options and unless you really have foundation in ICAP and you do have a specific logic that can be done only via ICAP you should stick with external_acl. If you do ask me about the ideal content filter solution? It should be some deep inspection in the content level and not just the URL or domain etc. However again, unless you do have the resources and the basic idea of how you do want to do this deep inspection and mangling of the payload you should stick with external_acl, don’t use url_rewrite unless you do have a specific tool that only supports that. Eliezer ---- Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1ltd@xxxxxxxxx My-Tube: https://tube.ngtech.co.il/ From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Lucas Vicente Pereira Good Evening, Community When thinking about URL filtering (http and or https), Which one is the best technique you recommend for integration with Squid 5.7? Environment information: ~2500 users 3 x Internet links 1 Gbps each Average HTTP requests per minute since start: 65956.1 Iptables REDIRECT for squid for transparent mode 1 - External_acl (e.g.: external_acl_type webfilter ipv4 ttl=300 children-startup=40 children-max=256 %>ha{SSLproxy} %ACL %ssl::>sni %>ha{REFERER} %URI %SRC %SRCPORT %DST %PORT %>eui % <h{Content-Type} %>ha{Content-Type} %<h{Content-Length} %>ha{Content-Length} %MYPORT %MYADDR %un %METHOD %>ha{USER-AGENT} /sbin/ webfilter acl acl_webfilter_access external webfilter acl acl_webfilter_reply external webfilter 2 - I-CAP Servers 3 - url_rewrite_program (eg: url_rewrite_program /sbin/webfilter - url_rewrite_children 16 m 4 startup=8 idle=2 concurrency= -l /var/squid/logs 4 Thanks a lot. Sincerely, Lucas Pereira |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
