14.12.2016 21:59, Yuri Voinov пишет: > > > > 14.12.2016 21:08, Rafael Akchurin пишет: >> >> Hello everyone, >> >> >> >> After pulling all my hair out and reading every possible howto on the >> Internet for Cisco ASA integration with Squid using WCCP I have >> decided to write my own. The how to is at >> https://docs.diladele.com/tutorials/web_filter_https_squid_cisco_wccp/index.html. >> Please note it is aimed at those with minimal admin skills and >> contains every single step thoroughly described (mostly for myself >> not to forget anything). >> Raf, one more note. WCCP is never be easy for junior admins. Especially with minimal admin skills. As by ASA ;) And (by my own opinion) Squid + WCCP for any infrastructure never been simple task and will never be simple task. ;) Warn you readers, not mislead them, though it is a very simple task. >> >> >> >> May I get your opinions/ideas if what is written is good enough for >> the novice admin? >> >> >> >> Moreover several question remain: >> >> >> >> 1. Does Squid perform fake CONNECT requests with SNI info >> instead of raw IP like I am seeing now? >> >> 2. Why HTTPS redirection only works with “wccp2_service_info 70 >> protocol=tcp flags=*dst_ip_hash* priority=240 ports=443” (all other >> flags from wccp configuration section in squid.conf do not work). >> > Because of ASA is router. Cisco routers uses HASH as assignment method. >> >> 3. How to bypass connections from workstations to specific >> remote sites by FQDN on Cisco ASA? >> > In fact this will occurs by IP anyway. Cisco devices do DNS lookup and > saves IP's in config instead of FQDN. >> >> 4. Or maybe it is better to exclude them (3) from SSL bump on >> Squid using ssl::server_name by splicing? >> > Depending your requirements. >> >> >> >> Thanks in advance for everyone who responds. >> >> >> >> Best regards, >> >> Rafael Akchurin >> >> Diladele B.V. >> >> >> >> -- >> >> Please take a look at Web Safety - our ICAP based web filter server >> for Squid proxy at https://www.diladele.com >> >> >> >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users > > -- > Cats - delicious. You just do not know how to cook them.
-- Cats - delicious. You just do not know how to cook them.
0x613DEC46.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
