[Oisf-users] Application awareness

[Anoop Saldanha]

On Wed, Jul 20, 2016 at 7:55 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> On 7/19/2016 11:38 PM, Vishal Kotalwar wrote:
>> Thanks Andreas for the reply, appreciate it.
>>
>> what I can tell you is, how I may use this feature (probable use cases)
>> if implemented.
>>
>> 1) Control or blocking of traffic: Example - I may want to allow
>> Facebook.com but block the games (say Farmville) or facebook chat
>
> You can do this with Squid for free, provided the content is restricted
> to a unique domain (i.e. chat.facebook.com).  The issue is that
> everything is over SSL now which makes it hard to block specific
> services in some cases.
>
> If you really want to you can configure squid to MITM SSL sessions, so
> you can further restrict access by URI.
>
>> 2) Statistics: I may want to know how many people are using Chrome
>> browser in my network, more detailed could be chrome from desktop/laptop
>> and mobile; next level could be which OS on those devices (e.g. windows,
>> linux, mac, Blackberry, android, ios etc)
>
> This is easy with Squid + the free analysis tool, Calamaris.
>
>> 3) Rate limit: I may want to rate limit video/audio streaming
>> applications on my network to free up bandwidth
>
> Also available in Squid:
>
> http://wiki.squid-cache.org/Features/DelayPools
>
> Basically, you are asking for a proxy-firewall, while Suricata is an IDP
> solution.  Btw, I've done deployments where I've done both on the same
> system.  I just configure suricata to listen inline on the inside
> interface of the Squid proxy and drop Layer-7 packets that match
> signatures.
>

@Cooper

I have heard people complain about squid for commercial production
deployments and replace it to build something inhouse.  How good was
squid from a reliability and performance(what was the bandwidth cap)
point of view?  Did you see any other issues with it?

-- 
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------