
I am trying to set up a Squid proxy combined with the DansGuardian content filtering engine on EC2. I will be filtering traffic from mobile (iOS/Android) clients via this filtered proxy, but that could mean a lot of traffic flowing through my system, since I will have to route all of the traffic through the DNS, which in turn could mean a lot of Amazon EC2 costs! Is there a known method/standard by which I can direct only known blacklisted traffic via this proxy in a cost-effective manner? Things I have explored include creating blacklists on the device and filtering right there, but that might mean I have to keep going back and changing (adding or removing) sites, and this is not really feasible anyway.

  • Don't use EC2? It's not like it's the only provider, and it certainly isn't the cheapest. – Michael Hampton Nov 14 '13 at 03:06
  • Yeah we thought about that, but we will have to scale quite a bit, and every user adds that much more traffic and from a cost perspective amazon might be the cheapest option to handle this sort of traffic – Vrashabh Irde Nov 14 '13 at 03:30

1 Answer


I think you have to try an opposite strategy. I don't know how DansGuardian does blacklisted traffic but I bet it will be hard to get that info out of DansGuardian and push that information out to the mobile clients.

Instead, you could push a list of known good but high traffic/high bandwidth sites out to the clients. You could build this list by reading the squid logs to see what is allowed, then aggregate it (such as the highest byte count sites, or most popular sites, each day) and update the "permit list". You could encode the permit list into a proxy.pac file and have the clients read that. I know proxy.pac is supported by iOS, and it may have native support in Android by now, not sure.

This architecture will not be 100% efficient but it can cut the worst bandwidth hogs out of the path and save you a lot of money.

whitepaws
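
The log-to-PAC step described in the answer above, as an added example that is not part of the original post. It assumes Squid's native access.log format and that denied requests are logged as `TCP_DENIED`; the function names and `proxy.example.internal:3128` are hypothetical, and the log lines are constructed.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format (fields: time elapsed
# client code/status bytes method URL ident peer type); proxy name is a placeholder.
SAMPLE_LOG = """\
1384398360.101    812 10.0.0.5 TCP_MISS/200 52428800 GET http://video.example.com/a.mp4 - DIRECT/192.0.2.10 video/mp4
1384398361.220    401 10.0.0.6 TCP_MISS/200 31457280 CONNECT cdn.example.net:443 - DIRECT/192.0.2.20 -
1384398362.007     12 10.0.0.5 TCP_DENIED/403 3520 GET http://blocked.example.org/ - NONE/- text/html
1384398363.450     95 10.0.0.7 TCP_HIT/200 20480 GET http://news.example.com/index.html - NONE/- text/html
1384398364.900    640 10.0.0.6 TCP_MISS/200 41943040 GET http://video.example.com/b.mp4 - DIRECT/192.0.2.10 video/mp4
"""

def host_of(method, url):
    """Return the lowercase hostname for a logged request."""
    if method == "CONNECT":           # CONNECT logs "host:port", not a URL
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def bytes_per_host(log_text):
    """Sum bytes per host, counting only requests the proxy let through."""
    totals = Counter()
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue                  # skip malformed or truncated lines
        code, _, status = f[3].partition("/")
        if "DENIED" in code or not status.startswith(("2", "3")):
            continue                  # never learn a bypass from a denied request
        host = host_of(f[5], f[6])
        if host and f[4].isdigit():
            totals[host] += int(f[4])
    return totals

def build_pac(totals, proxy, top_n):
    """Emit a PAC file: top_n heaviest allowed hosts go DIRECT, rest via proxy."""
    direct = sorted(h for h, _ in totals.most_common(top_n))
    return (
        "function FindProxyForURL(url, host) {\n"
        f"  var direct = {json.dumps(direct)};\n"
        "  // Exact host match only, so unlisted subdomains stay filtered.\n"
        "  if (direct.indexOf(host.toLowerCase()) !== -1) return \"DIRECT\";\n"
        f"  return \"PROXY {proxy}\";\n"
        "}\n"
    )

if __name__ == "__main__":
    print(build_pac(bytes_per_host(SAMPLE_LOG), "proxy.example.internal:3128", 2))
```

Every host placed in the `direct` list bypasses the filter entirely, so the list should be reviewed before it is published to clients.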