On Wed, May 26, 2021 at 11:32 AM Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
> >> >On 22/05/21 2:06 am, Odhiambo Washington wrote: > >> >>I installed this on my Windows 10 but gave up when I could not make > >> >>it to cache anything. > >> > >> On 26.05.21 12:57, Amos Jeffries wrote: > >> >Squid by default uses a memory based cache these days. Unless your > >> >traffic is non-cacheable you should be seeing some things stored there > >> >without any configuration. > > >On Wed, May 26, 2021 at 10:18 AM Matus UHLAR - fantomas < > uh...@fantomas.sk> > >wrote: > >> The main problem is that most of web content it HTTPS, which means it's > >> hardly cacheable outside of web browsers. > >> > >> with https, proxy only sees stream of encrypted data: > >> the "s" in https means "secure" so no third party sees your data. > >> > >> caching it requires decrypting of the connection, which means doing > >> man-in-the-mittle attack. It requires private certififacion authority > >> installed on squid and in the browser, and for some domains using CAA > >> browsers will still complain, or you'll have to fake DNS CAA records, > which > >> is harder with when using DNSSES, DoT or DoH. > > On 26.05.21 11:25, Odhiambo Washington wrote: > >In the light of the foregoing, what is the standard way of deploying Squid > >these days? > >Is the use of the ssl_bump becoming standard or no one needs any caching > >within Squid these days so that Squid > >has become a tool for filtering and access control only? > > I guess it's the latter. > > I personally think in cases of e.g. public documents where the only > privacy > issue is that you know who accesses what content, simpler version of > security could be enough: confirmation of authenticity (the content was not > modified). Such content could be cacheable. Thank you for clarifying this. So ideally, outbound access control and reverse proxying :) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v "^$|^.*#" :-)
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users