Re: Inter-Squid firewalling

From: Anthony DeBoer <adb@dont-contact.us>
Date: 3 Jun 1997 13:50:27 -0000

Sys Admin/Curtis Hays II <hays@oldcolo.com> writes:
> ... I am currently trying to seek out how
> to put a squid server between users on our local network and a Sidewinder
> firewall that has users log in before leaving the local network via use of
> port 9119 on it...

Squid has a concept of private objects and public objects; if any HTTP
authentication has to be passed to get the object, then it's a private
object and it's given only to the original requestor and immediately
purged from cache. Any form of IP-number based authentication (including
IDENT) will fail because the firewall would be seeing all requests coming
from the Squid box rather than the end-user's workstation. In this
situation, there's little if any benefit to running a Squid cache.

Running a Squid on a box in front of your firewall might be an option,
provided the firewall supports using an external cache. If you can
relax the firewall's authentication and rely on Squid logging and ACLs
to keep your users in line, that might be another option.

-- 
Anthony DeBoer <adb@geac.com>                    #include <std.disclaimer>
Received on Tue Jun 03 1997 - 08:17:08 MDT
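
Added example, not part of the original message: if the firewall sees only the Squid box, per-user accountability has to come from Squid's own access.log, so this sketch attributes requests and ACL denials to client addresses. It assumes Squid's native access.log field order; the log lines, addresses and URLs are constructed.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout (assumed):
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
865345800.101    212 192.168.1.10 TCP_MISS/200 4512 GET http://www.example.com/ - DIRECT/www.example.com text/html
865345801.530     18 192.168.1.10 TCP_HIT/200 4512 GET http://www.example.com/ - NONE/- text/html
865345805.002      3 192.168.1.22 TCP_DENIED/403 1024 GET http://blocked.example.net/ - NONE/- text/html
865345809.777    540 192.168.1.22 TCP_MISS/200 20480 GET http://www.example.org/big.gif - DIRECT/www.example.org image/gif
this line is truncated
865345812.000      2 192.168.1.22 TCP_DENIED/403 1024 GET http://blocked.example.net/x - NONE/- text/html
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 10 or "/" not in fields[3]:
        return None
    result, _, status = fields[3].partition("/")
    try:
        return {"time": float(fields[0]), "client": fields[2], "result": result,
                "status": int(status), "bytes": int(fields[4]),
                "method": fields[5], "url": fields[6]}
    except ValueError:
        return None

def summarize(log_text):
    """Per-client request count, byte total and denied URLs, plus skipped-line count."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "denied": []})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # count malformed lines instead of hiding them
            continue
        entry = stats[rec["client"]]
        entry["requests"] += 1
        entry["bytes"] += rec["bytes"]
        if rec["result"] == "TCP_DENIED":   # request refused by a Squid ACL
            entry["denied"].append(rec["url"])
    return dict(stats), skipped

if __name__ == "__main__":
    per_client, skipped = summarize(SAMPLE_LOG)
    for client, entry in sorted(per_client.items()):
        print(client, entry["requests"], entry["bytes"], entry["denied"])
    print("skipped malformed lines:", skipped)
```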
