[OPLINTECH] CACHEBOX

Chad Neeper cneeper at level9networks.com
Mon Mar 25 14:46:49 EDT 2019 

Disclaimer:   I should have stated I'm not specifically familiar with
CACHEBOX. So I'm just speaking from my past experience with caches and
secure vs insecure network traffic. It's quite possible that CACHEBOX
caches non-secure content that may or may not be of benefit to a library
large enough to have patrons repeatedly access cacheable content.


Regardless, in your case, Lisa, unless you have some unusual circumstances,
I think I'd be a little surprised to learn that a cache would have an
appreciable and cost-effective impact on your network. (But, granted, it's
been a few minutes since I was last in your library. And I've been wrong
before!)

Chad
______________________________
*Chad Neeper*
Senior Systems Engineer

*Level 9 Networks*
740-548-8070 (voice)
866-214-6607 (fax)

*Full IT/Computer consulting services -- Specialized in libraries and
schools*


On Mon, Mar 25, 2019 at 2:31 PM Chad Neeper <cneeper at level9networks.com>
wrote:

> I used to do a fair bit with HTTP caching...back when my libraries all had
> T1 lines. The firewall I used was open source and so had squid (well-known
> FOSS caching proxy...quite possibly the same proxy running ApplianSys'
> CACHEBOX) as a plug-in. These days, however, I don't using a caching proxy
> for several reasons:
>
>    1. OPLIN has been excellent about providing internet access that keeps
>    up/ahead of demand (Thanks, Karl, Vince, and gang!) Most of the libraries I
>    work with are single-branch libraries, so OPLIN covers all our needs in
>    most cases.
>    2. For several years now, HTTP is actively being discouraged in favor
>    of HTTPS, so there have been and will continue to be diminishing returns on
>    an HTTP cache. (More on this later...)
>    3. In order to cache HTTPS, the proxy cache has to essentially perform
>    a Man-In-The-Middle Attack
>    <https://en.wikipedia.org/wiki/Man-in-the-middle_attack>. If a private
>    *business* wants to cache HTTPS, that's fine. That's a
>    company/employee situation. But I'm not going *anywhere* near that in
>    a public library providing public access to patrons. I encourage you to do
>    your homework on this area before deciding whether or not to do this.
>
> HTTP vs HTTPS in a nutshell and WRT to caching:
> HTTP == insecure, unencrypted network traffic between a client computer
> and a web server. It's easily intercepted and cached via a HTTP proxy cache.
> HTTPS == secure, encrypted network traffic between a client computer and a
> web server. This is not cache-able content. To cache it, the HTTPS proxy
> must decrypt the HTTPS packets in order to read the content. Since HTTPS
> traffic is encrypted between the client computer and the web server, the
> intent is that no device in between the client computer and the web server
> should be able to read the encrypted communications. To do so, the HTTPS
> proxy must *pretend* to be the client computer when talking to the web
> server, and it must *pretend* to be the web server when talking to the
> client computer (MITM attack). If I'm a patron at your library using your
> computers and discover that your deliberately intercepting what I
> understand to be a secure connection between my computer and my bank's
> HTTPS server...I, uhh, wouldn't be very happy.
>
> Bottom line, if you think you need a HTTP cache...figure out WHY and maybe
> talk to OPLIN about it first before you implement an HTTP cache, and
> especially before you *spend money* implementing a caching device.
>
> My 2 cents,
> Chad
>
>
> ______________________________
> *Chad Neeper*
> Senior Systems Engineer
>
> *Level 9 Networks*
> 740-548-8070 (voice)
> 866-214-6607 (fax)
>
> *Full IT/Computer consulting services -- Specialized in libraries and
> schools*
>
>
> On Mon, Mar 25, 2019 at 1:01 PM Lisa Murray via OPLINTECH <
> oplintech at lists.oplin.org> wrote:
>
>> Is anyone using CACHEBOX from ApplianSys? Has it speed up web browsing in
>> your library?
>>
>>
>> Lisa
>>
>> Lisa Murray
>>
>> Director
>>
>> Cardington-Lincoln Public Library
>>
>> lmurray at cardlinc.org
>>
>> [image: 1453743275544_PastedImage]
>> _______________________________________________
>> OPLINTECH mailing list
>> OPLINTECH at lists.oplin.org
>> http://lists.oplin.org/mailman/listinfo/oplintech
>>
>> *** OPLIN now offers a Tier III-rated data center for libraries to use.
>> Find out more:    https://www.oplin.ohio.gov/co-location-service ***
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20190325/9ea2ebbc/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-1453743275.jpg
Type: image/jpeg
Size: 9892 bytes
Desc: not available
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20190325/9ea2ebbc/attachment.jpg>

More information about the OPLINTECH mailing list