Hi Jason,

> If you think the external acl method is too expensive to run, how do you
> expect to feed this NIDS data back into squid? I think you'd find you'd
> need an external acl check to do that bit anyway :-)

I should have been clearer - my use of the term feedback loop was
meant to imply that this was an out-of-band method of populating a
cache of valid HTTPS IP addresses (as well as any SNI and even
'Application name') for HTTPS, and observed non-HTTPS traffic over 443
and any other ports.  This may complement any active external acl
style checking.

Was just thinking out loud - probably a crazy idea if ever seriously
considered :)

Regards,

Chris
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
