[squid-users] FW: Acclerator mode and Authentication

From: Brian Phillips <[email protected]>
Date: Sat, 29 Oct 2005 22:10:44 -0600

Hello,
 
I have googled and have found a plethora of information, but I still do not
have a concrete answer and am fuzzy on a few details. I hope that I don't
seem like I am asking dumb questions or asking the obvious.

I seem to have a situation similar to the one in this message:

http://www.squid-cache.org/mail-archive/squid-users/200309/0048.html
 
I have squid set up as an httpd accelerator for some websites I have on a
private network behind the cache. I direct requests from outside the
network to squid running on port 80 on the gateway machine and then squid
sorts them out and hands them to the private webservers. I assume I have to
use the httpd_accelerator options (as this is what has got it to work in the
past).

I also use squid in combination with squidguard as a transparent
proxy/filter for clients that are on the private web wishing to surf the
net. I have firewall level rules to direct all web traffic from the
internal network to my squid machine (the same port) and then squid has acls
to find out if the traffic is coming from within the network, and if it is,
forwards it on (as long as squidGuard says it's okay ;) )
 
Finally, my questions. I would like to use the username authentication
feature NTSA in squid. I have it all set up, but as in that mailing list
article I've linked to, squid doesn't request authentication unless the
proxy settings are placed in the browser. This is not really the most
desirable option because of the A) "simpleness" of the users behind the
cache and B) the fact that the proxy information can be removed, causing the
whole thing to be bypassed. Right now I have set it up so it can't be
bypassed, but would eventually like to start allowing passwords (to bypass
certain aspects of my squidGuard filter)
 
I read in other posts by Henrik Nordstrom, that squid3.0 was going to have
clearer differences in the way it handles accelerated requests and
transparent proxy requests. I guess it's lack of understanding of the
finite details of each type of setup by my part, but I was wondering if my
current setup ( and wishes ) will be possible with these new changes in 3.0
Or maybe they're possible with the current version of squid ( 2.5 ) ?
Someone shed some light for me please.
 
Brian
Received on Sat Oct 29 2005 - 22:10:52 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:05 MST