topic Re: Replacing squid with WSA in Web Security

Replacing squid with WSA

kisanak_ironport — Mon, 03 Sep 2007 13:01:30 GMT

I'm in the middle of evaluating WSA and will replace our squid.

On existing squid configuration:

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

Which means not to cache any URL with cgi-bin keyword.

Any way to put this on WSA configuration?

TIA

Re: Replacing squid with WSA

Denis_ironport — Mon, 03 Sep 2007 21:03:54 GMT

As far as I know the next release (5.2) will have a configurable no cache URL list which supports regular expressions.

That's correct

jbivens_ironport — Tue, 04 Sep 2007 00:01:32 GMT

That feature is in 5.2 which is already in it's second beta run. Unfortunately I don't know the expected release date but it shouldn't be that far out.

Sincerely,

Jay Bivens
IronPort Systems

WSA integration with Existing Squid

angfeglandagan — Mon, 31 Mar 2008 10:17:10 GMT

Hi Kisanak , can you point out the configuration on your squid where ironport is my upstream proxy?

regards,
Capt Winters

squid n ironport

redeemer_ironport — Thu, 01 May 2008 08:11:13 GMT

Hi All
Unfortunately Ironport is a security device and not a proxy, for us it was missing a number of things that we couldn't do without

To use Ironport as the upstream proxy i believe you just need to add:

cache_peer upstream.server.address parent 8080 0 no-query no-digest
never_direct allow all

note: all logs in ironport reflect traffic from squid with this config.

Re: squid n ironport

Doc_ironport — Fri, 02 May 2008 05:16:09 GMT

Hi All
Unfortunately Ironport is a security device and not a proxy, for us it was missing a number of things that we couldn't do without

The WSA is both - it's a high performance proxy _and_ a security device.

The focus of the product is certainly more on the security side, but the proxy is the under-pinning technology which allows us to build on the extra features.

There are certainly features in Squid that we don't have in the WSA, however many of these features were included at a time when bandwidth was expensive, cache rates were high, and internet links were slow. Whilst that's certainly still the case in some parts of the world, most of the world is very different now, and many of the features that Squid has are not as relevant to todays world.

Don't get me wrong, Squid is an excellent product (I've been using it since well before the "Squid" name came along - bonus points for anyone that can remember the previous name!), but it's strengths are very different to those of the IronPort S-series.

Re: Replacing squid with WSA

redeemer_ironport — Fri, 02 May 2008 07:36:32 GMT

Dont get me wrong we love our WSA but cant live without squid either,

Id make a list of things that WSA cant to for us but I only ever wanted to help the above post integrate the two products like we have 😉

The deights of calamari

chhaag — Fri, 02 May 2008 21:06:47 GMT

Redeemer?

I'd love to know the top 3 or 4 things you do with Squid that you'd like to see the WSA handle?

I'm not promising anything of course 😉

cheers

Re: Replacing squid with WSA

Tim Jackson — Sat, 03 May 2008 01:24:45 GMT

How about HTTP site acceleration?

Re: Replacing squid with WSA

jowolfer — Tue, 06 May 2008 01:09:54 GMT

Tjackson,

The WSA supports all HTTP caching options as well as the ability to override just about any aspect of caching, so you can be as loose are aggressive as you desire.

Re: Replacing squid with WSA

Tim Jackson — Tue, 06 May 2008 01:14:02 GMT

Can you adjust the aggressiveness based on the site or is it a global setting?

WSA Featuer Requests

redeemer_ironport — Tue, 06 May 2008 08:39:26 GMT

Redeemer (Redeemer Lutheran College) Brisbane Australia

here is are my top 4 requests
Please note that we still spend $1000AU's a month on 30Mbit/30Mbit internet and bandwidth management is a must.

Delay Pools = The ability to allow small files to download quickly and large files to download slowly, this allows web surfing to work well and discourages staff and kids from downloading large files like music and games.

IDENT or similar = Allows the logging of user ids for reporting without making the user login for web traffic, ( we do not use Active Directory, we use eDirectory )

Bandwidth policies management = Allow allocation of bandwidth depending on policy, staff or student, (this would require the above) and subnet/ network segment

Time based policy management = ( i believe this is coming, yet it can be done now but it is a hack ), separate policy's for when the kids are in class or at lunch/after school

Cheers for considering these

Steve
🙂

Re: Replacing squid with WSA

jowolfer — Tue, 06 May 2008 23:38:12 GMT

Can you adjust the aggressiveness based on the site or is it a global setting?

Currently, It is a global setting.