as well. Then, if another client were to request the same page soon
thereafter, the proxy would simply provide the cached content without rerequesting the same web page over the T-1.
Proxy Logs: Typical proxy logs not only include elements like the time,
requesters's IP address, and URL, but also the result status of the request,
and sometimes the username that made it.
Blue Coat Proxy: is an appliance used widely in corporate enterprise
networks. It includes the built-in ability to perform SSL proxying.
Reverse Proxy: In this model, proxy servers generally broker requests from
a large number of clients systems to a smaller number of servers. Often, a
reverse proxy will provide load-balancing, compression, and other
performance-enhancing functionality.
Squid Proxy Server: Its an free, relatively easy to deploy but flexible
enough for complex deployments.
Three main forensically relevant elements
IP based ACL
User Authentication
User-Agent
regex
min
^ftp:
pct
1440
max
20%
10080
Date/Time
Cached
Cache Expiration
http://www.squid-cache.org/Doc/config/refresh_pattern/
Query strings are not logged by default. To enable this feature, add the following to
/etc/squid/squid.conf
strip_query_terms of