Thanks Marcus,
In this case I do not care about malware in the OPTIONS,HEAD or PUT methods.
And it seems like this is the main different between a basic abusive
content filtering(leaving the abusive definition abstract) and a
security product which meant to block malware.
I still suspect that if there is no access using the GET and POST
methods it is most likely that the malware will not be there from the
first place but it is not guaranteed.
So from a business point of view, in most cases inspection of all
traffic is a requirement of security.
For example, in a health care facility the ACLs are to ensure security
and also to block abusive content and there should be a requirement to
inspect all traffic.
While on an ISP it might not be required.
Eliezer
On 28/09/2015 21:58, Marcus Kool wrote:
"content filtering" may filter only content while a generic filter may
filter anything
including malware that uses PUT, OPTION and/or HEAD to upload credit
card data.
So it depends on what you want to filter. If it is downloadable content
only, you can stick with filtering GET POST CONNECT.
Marcus
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
