Replacing squid with WSA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2007 06:01 AM
I'm in the middle of evaluating WSA and will replace our squid.
On existing squid configuration:
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
Which means not to cache any URL with cgi-bin keyword.
Any way to put this on WSA configuration?
TIA
- Labels:
-
Web Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2007 02:03 PM
As far as I know the next release (5.2) will have a configurable no cache URL list which supports regular expressions.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2007 05:01 PM
That feature is in 5.2 which is already in it's second beta run. Unfortunately I don't know the expected release date but it shouldn't be that far out.
Sincerely,
Jay Bivens
IronPort Systems
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-31-2008 03:17 AM
Hi Kisanak , can you point out the configuration on your squid where ironport is my upstream proxy?
regards,
Capt Winters
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-01-2008 01:11 AM
Hi All
Unfortunately Ironport is a security device and not a proxy, for us it was missing a number of things that we couldn't do without
To use Ironport as the upstream proxy i believe you just need to add:
cache_peer upstream.server.address parent 8080 0 no-query no-digest
never_direct allow all
note: all logs in ironport reflect traffic from squid with this config.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-01-2008 10:16 PM
Hi All
Unfortunately Ironport is a security device and not a proxy, for us it was missing a number of things that we couldn't do without
The WSA is both - it's a high performance proxy _and_ a security device.
The focus of the product is certainly more on the security side, but the proxy is the under-pinning technology which allows us to build on the extra features.
There are certainly features in Squid that we don't have in the WSA, however many of these features were included at a time when bandwidth was expensive, cache rates were high, and internet links were slow. Whilst that's certainly still the case in some parts of the world, most of the world is very different now, and many of the features that Squid has are not as relevant to todays world.
Don't get me wrong, Squid is an excellent product (I've been using it since well before the "Squid" name came along - bonus points for anyone that can remember the previous name!), but it's strengths are very different to those of the IronPort S-series.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-02-2008 12:36 AM
Dont get me wrong we love our WSA but cant live without squid either,
Id make a list of things that WSA cant to for us but I only ever wanted to help the above post integrate the two products like we have ;)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-02-2008 02:06 PM
Redeemer?
I'd love to know the top 3 or 4 things you do with Squid that you'd like to see the WSA handle?
I'm not promising anything of course ;-)
cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-02-2008 06:24 PM
How about HTTP site acceleration?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-05-2008 06:09 PM
Tjackson,
The WSA supports all HTTP caching options as well as the ability to override just about any aspect of caching, so you can be as loose are aggressive as you desire.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-05-2008 06:14 PM
Can you adjust the aggressiveness based on the site or is it a global setting?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-06-2008 01:39 AM
Redeemer (Redeemer Lutheran College) Brisbane Australia
here is are my top 4 requests
Please note that we still spend $1000AU's a month on 30Mbit/30Mbit internet and bandwidth management is a must.
Delay Pools = The ability to allow small files to download quickly and large files to download slowly, this allows web surfing to work well and discourages staff and kids from downloading large files like music and games.
IDENT or similar = Allows the logging of user ids for reporting without making the user login for web traffic, ( we do not use Active Directory, we use eDirectory )
Bandwidth policies management = Allow allocation of bandwidth depending on policy, staff or student, (this would require the above) and subnet/ network segment
Time based policy management = ( i believe this is coming, yet it can be done now but it is a hack ), separate policy's for when the kids are in class or at lunch/after school
Cheers for considering these
Steve
:)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-06-2008 04:38 PM
Can you adjust the aggressiveness based on the site or is it a global setting?
Currently, It is a global setting.
