If you use a separate proxy server, by default, Kaspersky Web Traffic Security does not encrypt ICAP traffic or authenticate ICAP clients. The application administrator must independently ensure a secure network connection between your proxy server and Kaspersky Web Traffic Security by using traffic tunneling or iptables.
You can choose not to use a separate proxy server and instead install the Squid service.
The provided instructions on installing and configuring the Squid service are applicable if Kaspersky Web Traffic Security was installed from an RPM or DEB package to a ready-to-use operating system. If Kaspersky Web Traffic Security was installed from an ISO file, configuration files for the built-in proxy server cannot be manually changed.
Installation and configuration of the Squid service includes the following steps.
It is recommended to configure SSL Bumping in the Squid service to handle encrypted connections. If SSL Bumping is not configured, the proxy server cannot intervene in the process of establishing an encrypted connection. In this case, the protection modules of Kaspersky Web Traffic Security (Anti-Virus and Anti-Phishing) are unable to scan data transmitted inside the encrypted data channel. This reduces the level of protection of the corporate IT infrastructure.
Use of SSL Bumping may disrupt the operation of certain applications or services that use a proxy server. To ensure their correct operation, you must add them to SSL Bumping exclusions.
To process a large number of network connections, you must configure the performance settings of the Squid service and the network stack of the operating system.