Setting up limited caching and scanning?



  • I'm using Pfsense 2.1.4 and interested in adding two functions to the router. But both look like they involve caching (one explicitly, one implicitly) and I'm not sure how to configure things, and how to manage/minimise caching, if I did.

    The two functions I'm interested in adding to the router:

    • I'd like to be able to specify a list of URL masks (eg web pages, frequent loaded scripts, software update repos, etc) so that any http/https/ftp downloaded from a matching url will be cached on the router and - subject to checking for outdatedness, or some time limit - the cached copy used if another LAN machine tries to download from the same URL. Anything else shouldn't be cached in the first place, though.

    • I like the idea of anti-malware/antivirus as a first line scanner, running on the router, as a layer additional to PC based scanning. But from what I can tell HAVP and CLAM etc normally use caching and then scan the cached files, rather than in-memory scanning or ramdisk based caching. The problem for me is that some data is private enough that it shouldn't be cached on the router HDD, it should be "lost" from memory once scanned, so to speak, or at worst held in a volatile RAM based cache/ramdisk. Can I use scanning even without a HDD cache, or using just memory based scanning or ramdisk?

    The caching concern is privacy related (other people on the LAN who like the ideas below, but have asked me to reassure them the router won't "keep copies" of their web pages etc if I go ahead and add this to the router, okay not ideal but hopefully doable!)

    Any tips on whether these are possible, and if so how to configure them, would help a lot! Beyond these tasks I'd like to keep any additional load as light and minimal as possible.

    Thanks!



  • Computers have no concept of "private" data. If data needs to be private, it's up to the clients to make sure that happens. An HTTPS proxy in an inherent man-in-the-middle attack that breaks security. Caching FTP is kind of strange. Few sites use it, and the one that do use it for large files.



  • That's true. But software authors and configs do have the possibility to cache some items but not others, or cache them one way and not another. So perhaps I should have been more specific:

    1. Do any of the current caching packages allow selective caching of URL content according to a rule (ie URL matches this domain/mask/regex then cache, otherwise don't)? Or are they all, "all or nothing"?
    2. Do any of the current antivirus/antimalware scanner packages allow scanning either without caching, or using a RAM based (rather than disk based) scanning mode or caching mode, or using a ramdisk for the disk based cache?

    That's probably what I should have asked…


Log in to reply