We use out squid proxies for 2 things, one of them is minor and can be done without if needed..
1.) We use Smartfilter on it. Content filtering. 2.) Caching (obviously). The biggest thing we cache is an internal tool that a callcenter we have uses. About 400 people bang on an IIS website that lives in another remote site constantly. They bang on this via HTTPS and we found that caching this content on the local squid proxy was saving us about 3-4mb average traffic. A good portion of these requests are images (decent size) -----Original Message----- From: Adrian Chadd [mailto:[EMAIL PROTECTED] Sent: Friday, April 25, 2008 9:56 AM To: Nick Duda Cc: 'Adrian Chadd'; Squid-users Subject: Re: [squid-users] WCCP, Squid, ASA, HTTP redirect On Fri, Apr 25, 2008, Nick Duda wrote: > So it looks like WCCP with an ASA (or some other Cisco WCCP2 supporting > device) and Squid (v3?) can only do port 80 interception huh....blah Squid-3's support is for pulling apart an SSL stream into non-SSL and re-encrypting it afterwards. You don't -have- to do that - it'd be mostly trivial to write a basic TCP tunnel in Squid -just- for intercepting arbitrary TCP ports to do basic ACLs (eg source/dest IP; throw request into a CONNECT to an upstream proxy, etc) - but noone's written it for Squid-2. The big question is - why do you want to intercept port 443? Adrian > > > > -----Original Message----- > From: Adrian Chadd [mailto:[EMAIL PROTECTED] > Sent: Thursday, April 24, 2008 11:53 PM > To: Nick Duda > Cc: Squid-users > Subject: Re: [squid-users] WCCP, Squid, ASA, HTTP redirect > > On Thu, Apr 24, 2008, Nick Duda wrote: > > I've googled and saw some stuff but nothing that I can really make sense of. > > > > We have successfully designed (and its working) 2 squid transparent proxy > > servers, both WCCP to an ASA working as failover (if squid dies on one > > proxy the other one starts taking the redirects from the ASA). The only > > problem is that we cant figure out how to get HTTPS requests redirected > > from the ASA to the proxy (using WCCP). Does anyone know how this can > > happen? Do I need to use dynamic's instead of standards for WCCP? (Ive > > tried, without success). > > > > I really cant imagine that all this WCCP with a web-cache can not work with > > HTTPS (that would suck) > > Squid-2 doesn't support any form of HTTPS "interception". > > I could probably be twisted to implement a basic tunnel just for supporting > intercepted requests (so you can do very basic ACL processing on them.) > > > > Adrian > > -- > - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support > - > - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA - -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
