Hi We can do Thursday at 12:30 after our SAM meeting
From: squid-users <squid-users-boun...@lists.squid-cache.org> on behalf of Odhiambo Washington <odhia...@gmail.com> Date: Wednesday, 26 May 2021 at 10:36 To: "squid-users@lists.squid-cache.org" <squid-users@lists.squid-cache.org> Subject: Re: [squid-users] Caching configuration for Squid on Windows On Wed, May 26, 2021 at 11:32 AM Matus UHLAR - fantomas <uh...@fantomas.sk<mailto:uh...@fantomas.sk>> wrote: >> >On 22/05/21 2:06 am, Odhiambo Washington wrote: >> >>I installed this on my Windows 10 but gave up when I could not make >> >>it to cache anything. >> >> On 26.05.21 12:57, Amos Jeffries wrote: >> >Squid by default uses a memory based cache these days. Unless your >> >traffic is non-cacheable you should be seeing some things stored there >> >without any configuration. >On Wed, May 26, 2021 at 10:18 AM Matus UHLAR - fantomas ><uh...@fantomas.sk<mailto:uh...@fantomas.sk>> >wrote: >> The main problem is that most of web content it HTTPS, which means it's >> hardly cacheable outside of web browsers. >> >> with https, proxy only sees stream of encrypted data: >> the "s" in https means "secure" so no third party sees your data. >> >> caching it requires decrypting of the connection, which means doing >> man-in-the-mittle attack. It requires private certififacion authority >> installed on squid and in the browser, and for some domains using CAA >> browsers will still complain, or you'll have to fake DNS CAA records, which >> is harder with when using DNSSES, DoT or DoH. On 26.05.21 11:25, Odhiambo Washington wrote: >In the light of the foregoing, what is the standard way of deploying Squid >these days? >Is the use of the ssl_bump becoming standard or no one needs any caching >within Squid these days so that Squid >has become a tool for filtering and access control only? I guess it's the latter. I personally think in cases of e.g. public documents where the only privacy issue is that you know who accesses what content, simpler version of security could be enough: confirmation of authenticity (the content was not modified). Such content could be cacheable. Thank you for clarifying this. So ideally, outbound access control and reverse proxying :) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v "^$|^.*#" :-)
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
