23.03.2018 21:25, Keith Hartley пишет: > I had not thought to test that. I will do that today. > > In regards to Yuri's comments on firewall vs squid - I don’t agree that a > firewall would be a direct replacement in this case. > > The 30-40 URIs I need to access resolve to a potential pool of several > million IP addresses, and the pool of IP addresses gets updated multiple > times per year. Writing rules at the network level would not be practical to > implement even one time, let alone maintain over time. A more expensive > firewall that is able to implement ACLs by hostname would be needed, and > options for virtual firewalls hosted in Azure are limited. It would also > require either implementing many static routes, or a transit network with a > virtual router, and this environment will be supported by an organization > that does not have a network engineer on staff. It depends. If your make Internet access for servers due to updates - in most cases updates has limited distribution points (of course, we're not considering CDN now). Some cases can be easy solved by server's built-in firewall.
If we're talking about infrastructure, best solution for updates is internal updates server (like WSUS), which only have access to Internet with all security restrictions. You know this better than me ;) Anyway, centralized patch/updates server behind the border firewall is best solution. But this is, of course, abstract discussion. > > I understand that there is very little functionality I need to leverage, but > I like Squid, as it is a name that most people in IT will recognize and be > able to google. We're like it too, but Squid's itself is big and relatively complex software, requires much experience to use and not always easy in support. It has a lot of functions and can have very complex configurations. This is why I can't recommend use it in all cases requires proxying/caching without serious reasons. > > I may still review privoxy however. If it is simple enough that supporting it > would be something easy to just figure out with minimal research, it may > still be a good option. I like simple, but high supportability is mandatory Yes. Privoxy is very simple instead Squid. It is non-caching proxy, which have all functionality you require. It works with hostnames. Don't worry - you will not require much support for it. It's just works. ;) > > > Keith Hartley > Network Engineer II > khart...@geocent.com > www.geocent.com > > -----Original Message----- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Matus UHLAR - fantomas > Sent: Friday, March 23, 2018 3:56 AM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Squid for windows Very slow downloads of large > files through squid with normal uploads > > On 22.03.18 23:08, Keith Hartley wrote: >> However on large files I am only getting 115 Kbps sustained download speeds. > does this happen evben when you try using squid on the mavchine squid is > installed? > > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > I drive way too fast to worry about cholesterol. > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > Confidentiality Notice: > This email communication may contain confidential information, may be legally > privileged, and is intended only for the use of the intended recipients(s) > identified. Any unauthorized review, use, distribution, downloading, or > copying of this communication is strictly prohibited. If you are not the > intended recipient and have received this message in error, immediately > notify the sender by reply email, delete the communication, and destroy all > copies. Thank you. > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users -- "C++ seems like a language suitable for firing other people's legs." ***************************** * C++20 : Bug to the future * *****************************
signature.asc
Description: OpenPGP digital signature
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
