Re: Replacing squid with WSA

kisanak_ironport · ‎09-03-2007

I'm in the middle of evaluating WSA and will replace our squid.

On existing squid configuration:

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

Which means not to cache any URL with cgi-bin keyword.

Any way to put this on WSA configuration?

TIA

Denis_ironport · ‎09-03-2007

As far as I know the next release (5.2) will have a configurable no cache URL list which supports regular expressions.

jbivens_ironport · ‎09-03-2007

That feature is in 5.2 which is already in it's second beta run. Unfortunately I don't know the expected release date but it shouldn't be that far out.

Sincerely,

Jay Bivens
IronPort Systems

angfeglandagan · ‎03-31-2008

Hi Kisanak , can you point out the configuration on your squid where ironport is my upstream proxy?

regards,
Capt Winters

redeemer_ironport · ‎05-01-2008

Hi All
Unfortunately Ironport is a security device and not a proxy, for us it was missing a number of things that we couldn't do without

To use Ironport as the upstream proxy i believe you just need to add:

cache_peer upstream.server.address parent 8080 0 no-query no-digest
never_direct allow all

note: all logs in ironport reflect traffic from squid with this config.

Doc_ironport · ‎05-01-2008

Hi All
Unfortunately Ironport is a security device and not a proxy, for us it was missing a number of things that we couldn't do without

The WSA is both - it's a high performance proxy _and_ a security device.

The focus of the product is certainly more on the security side, but the proxy is the under-pinning technology which allows us to build on the extra features.

There are certainly features in Squid that we don't have in the WSA, however many of these features were included at a time when bandwidth was expensive, cache rates were high, and internet links were slow. Whilst that's certainly still the case in some parts of the world, most of the world is very different now, and many of the features that Squid has are not as relevant to todays world.

Don't get me wrong, Squid is an excellent product (I've been using it since well before the "Squid" name came along - bonus points for anyone that can remember the previous name!), but it's strengths are very different to those of the IronPort S-series.

redeemer_ironport · ‎05-02-2008

Dont get me wrong we love our WSA but cant live without squid either,

Id make a list of things that WSA cant to for us but I only ever wanted to help the above post integrate the two products like we have ;)

chhaag · ‎05-02-2008

Redeemer?

I'd love to know the top 3 or 4 things you do with Squid that you'd like to see the WSA handle?

I'm not promising anything of course ;-)

cheers

Tim Jackson · ‎05-02-2008

How about HTTP site acceleration?

jowolfer · ‎05-05-2008

Tjackson,

The WSA supports all HTTP caching options as well as the ability to override just about any aspect of caching, so you can be as loose are aggressive as you desire.

Tim Jackson · ‎05-05-2008

Can you adjust the aggressiveness based on the site or is it a global setting?

redeemer_ironport · ‎05-06-2008

Redeemer (Redeemer Lutheran College) Brisbane Australia

here is are my top 4 requests
Please note that we still spend $1000AU's a month on 30Mbit/30Mbit internet and bandwidth management is a must.

Delay Pools = The ability to allow small files to download quickly and large files to download slowly, this allows web surfing to work well and discourages staff and kids from downloading large files like music and games.

IDENT or similar = Allows the logging of user ids for reporting without making the user login for web traffic, ( we do not use Active Directory, we use eDirectory )

Bandwidth policies management = Allow allocation of bandwidth depending on policy, staff or student, (this would require the above) and subnet/ network segment

Time based policy management = ( i believe this is coming, yet it can be done now but it is a hack ), separate policy's for when the kids are in class or at lunch/after school

Cheers for considering these

Steve
:)

jowolfer · ‎05-06-2008

Can you adjust the aggressiveness based on the site or is it a global setting?

Currently, It is a global setting.