
I have been thinking about defining a specific way that will tag connections
with an APP ID for simplicity.
For example I have just seen couple support websites of web systems vendors
that provide their domains and ip addresses.
The basic example would be:

Which provides the next basic info:

# Video CDN

# Excertises files

So it means that technically if I have this defined somewhere I can run an
external acl helper that will get all the details of the request and will
the request and/or connection with an APP ID that can be allowed or denied
by the next external acl helper in the pipe line.
The next access log:

is a bit redacted but still contains the relevant log lines.

So the relevant ACL options are:
http_access Allow/deny
TLS Splice/bump
Dst_ip - APP ID
Src_ip - Allow/Deny/others
Cache allow/deny
I would assume that every request with the dstdomain:

Or SNI regex:

Should 100% be tagged with a pluralsight APP ID tag.

It would be a similar idea with goolge/gmail/Microsoft/AV/others
And since it's a very simple and re-producible APP ID tagging technique it
can be simplified into a set of helpers.

So first, what do you as a squid user think about it?
Can you and others help me work on a simple project that will help with this
specific idea?
A list of applications ID might be a good starter for the first
POC/Development process.

One place I have seen a similar implementation would be:

I think that the goal would be that it would be possible to use an API that
will be able to change a rule or a ruleset per client paired with a
Much like in a FW rules the helper would be able to run a query against a
small embedded json/other dbase/base that will contain all the relevant
details of the apps
And another part of it would be to contain the ruleset itself.

So for example a definition of:
Match: client, appID, verdict(allow/deny)
Match: client, appID, verdict(bump/splice)
Match: dst, appID, verdict(allow/deny)..

Would be pretty simple to define by the proxy admin.

Let me know how can you help with this project.


Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com

squid-users mailing list

Reply via email to