Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

Replacing squid with WSA

I'm in the middle of evaluating WSA and will replace our squid.

On existing squid configuration:

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

Which means not to cache any URL with cgi-bin keyword.

Any way to put this on WSA configuration?

TIA

12 REPLIES
New Member

Re: Replacing squid with WSA

As far as I know the next release (5.2) will have a configurable no cache URL list which supports regular expressions.

New Member

That's correct

That feature is in 5.2 which is already in it's second beta run. Unfortunately I don't know the expected release date but it shouldn't be that far out.

Sincerely,

Jay Bivens
IronPort Systems

New Member

WSA integration with Existing Squid

Hi Kisanak , can you point out the configuration on your squid where ironport is my upstream proxy?

regards,
Capt Winters

New Member

squid n ironport

Hi All
Unfortunately Ironport is a security device and not a proxy, for us it was missing a number of things that we couldn't do without

To use Ironport as the upstream proxy i believe you just need to add:

cache_peer upstream.server.address parent 8080 0 no-query no-digest
never_direct allow all

note: all logs in ironport reflect traffic from squid with this config.

New Member

Re: squid n ironport

Hi All
Unfortunately Ironport is a security device and not a proxy, for us it was missing a number of things that we couldn't do without


The WSA is both - it's a high performance proxy _and_ a security device.

The focus of the product is certainly more on the security side, but the proxy is the under-pinning technology which allows us to build on the extra features.

There are certainly features in Squid that we don't have in the WSA, however many of these features were included at a time when bandwidth was expensive, cache rates were high, and internet links were slow. Whilst that's certainly still the case in some parts of the world, most of the world is very different now, and many of the features that Squid has are not as relevant to todays world.

Don't get me wrong, Squid is an excellent product (I've been using it since well before the "Squid" name came along - bonus points for anyone that can remember the previous name!), but it's strengths are very different to those of the IronPort S-series.

New Member

Re: Replacing squid with WSA

Dont get me wrong we love our WSA but cant live without squid either,

Id make a list of things that WSA cant to for us but I only ever wanted to help the above post integrate the two products like we have ;)

New Member

The deights of calamari

Redeemer?

I'd love to know the top 3 or 4 things you do with Squid that you'd like to see the WSA handle?

I'm not promising anything of course ;-)

cheers

New Member

Re: Replacing squid with WSA

How about HTTP site acceleration?

New Member

Re: Replacing squid with WSA

Tjackson,

The WSA supports all HTTP caching options as well as the ability to override just about any aspect of caching, so you can be as loose are aggressive as you desire.

New Member

Re: Replacing squid with WSA

Can you adjust the aggressiveness based on the site or is it a global setting?

New Member

WSA Featuer Requests

Redeemer (Redeemer Lutheran College) Brisbane Australia

here is are my top 4 requests
Please note that we still spend $1000AU's a month on 30Mbit/30Mbit internet and bandwidth management is a must.

Delay Pools = The ability to allow small files to download quickly and large files to download slowly, this allows web surfing to work well and discourages staff and kids from downloading large files like music and games.

IDENT or similar = Allows the logging of user ids for reporting without making the user login for web traffic, ( we do not use Active Directory, we use eDirectory )

Bandwidth policies management = Allow allocation of bandwidth depending on policy, staff or student, (this would require the above) and subnet/ network segment

Time based policy management = ( i believe this is coming, yet it can be done now but it is a hack ), separate policy's for when the kids are in class or at lunch/after school

Cheers for considering these

Steve
:)

New Member

Re: Replacing squid with WSA

Can you adjust the aggressiveness based on the site or is it a global setting?

Currently, It is a global setting.

436
Views
0
Helpful
12
Replies