On 30/07/2013 9:28 p.m., csn233 wrote:
>> Please use "reply all" instead of "reply"!
>>
>> For intercepted proxy, you only use HTTP/HTTPS interception. So browser
>> will access FTP site directly. (Unless you have blocked/redirected FTP port)
>>
>> Amm.
> Clicked wrong button... It's to do with the requirement to log all
> traffic, including FTP, as well as the caching benefits.

As stated, that requirement is impossible to implement via Squid. You
need to chop it down to a smaller size. In particular there are many
overheads in the TCP/IP layer and in other non-HTTP protocols which
Squid cannot measure nor log. Only the system firewall and related
Layer-2 software has sufficient access to all the information a full
measurement needs.

For all protocols other than plain-text HTTP there are *no* caching
benefits from Squid. Squid will simply *add* overheads of processing and
possibly some few hundred bytes necessary to set up CONNECT tunnels to
peers. Unless you are using ssl-bump to decrypt HTTPS into plain-text
HTTP for Squid's usage it is also one of those other protocols where you
get no caching benefit - because everything a cache needs to use is
locked away inside the encryption.

NP: adding SSL-bump just to get a measurement is a very bad reason to do
it on a production proxy. Better to accept that HTTPS has no cache gains
and leave it for now.

Amos

Received on Tue Jul 30 2013 - 11:05:21 MDT