Appendix 1. Installing and configuring the Squid service

If you use a separate proxy server, by default, Kaspersky Web Traffic Security does not encrypt ICAP traffic or authenticate ICAP clients. The application administrator must independently ensure a secure network connection between your proxy server and Kaspersky Web Traffic Security by using traffic tunneling or iptables.

You can choose not to use a separate proxy server and instead install the Squid service.

Installation and configuration of the Squid service includes the following steps.

  1. Installing the Squid service
  2. Configuring the Squid service
  3. Configuring SSL Bumping in the Squid service

    It is recommended to configure SSL Bumping in the Squid service to handle encrypted connections. If SSL Bumping is not configured, the proxy server cannot intervene in the process of establishing an encrypted connection. In this case, the protection modules of Kaspersky Web Traffic Security (Anti-Virus and Anti-Phishing) are unable to scan data transmitted inside the encrypted data channel. This reduces the level of protection of the corporate IT infrastructure.

  4. Adding exclusions for SSL Bumping

    Use of SSL Bumping may disrupt the operation of certain applications or services that use a proxy server. To ensure their correct operation, you must add them to SSL Bumping exclusions.

  5. Additional configuration for heavy loads

    To process a large number of network connections, you must configure the performance settings of the Squid service and the network stack of the operating system.

In this section:

Installing the Squid service

Configuring the Squid service

Configuring SSL Bumping in the Squid service

Creating a self-signed SSL certificate

Adding exclusions for SSL Bumping

Additional configuration for heavy loads

Page top