Hi all,
I've tried posting on this in the filter (DansGuardian) message board with
not much success as it seems to require more knowledge about Squid than the
filtering.
I wish to use Squid alongside a custom identd client to allow me to
allow/disallow Internet/Cache access to client stations based on the string
returned from the identd client running on these clients. The string
returned at this point is likely irrelevant. The initial plan was to have 2
instances of Squid running on the same server. Stations would connect to
Squid1 which would authenticate via the identd client and control cache
access. Squid1 would not cache. If allowed access, Squid1 would direct
stations to an instance of DansGuardian running on the same server which
would in turn connect to a second instance of squid which handled caching
(call this Squid2). The plan was to use ACL's (and 4 custom ACL's) on
Squid1 to handle 4 instances of DansGuardian, each running a different
filter config so in effect we could direct a station to the relevant filter
allowing us to run different filter levels for different user groups. Hope
this makes sense so far? It was planned to be set up as "station ->
Squid1(auth) -> DansGuardian(1-4) -> Squid2(cache)". DansGuardian appears
to Squid as an upstream parent proxy running on 127.0.0.1 with a port chosen
by me eg 8080.
After discussion it was suggested by a few people that the above can be done
with a single instance of Squid as opposed to two seperate ones. I've been
playing with this sugestion for a good few days now with no success. I can
happily get this setup running as "station -> DansGuardian -> Squid" but
can't quite suss out the ACL's to allow this to work as "station -> Squid ->
DansGuardian -> Squid".
In the majority of usage cases, the server would also have a true upstream
proxy/cache aswell. We're currently using Debian and hoped to stick with
stable releases of packages so the use of a single Squid is the best way to
accomplish this as we wouldn't need to create our own package of Squid to
allow us to use a second instance and then have to maintain this extra
package alongside the Debian stable one. I'm currently trying to get this
working with a single DansGuardian instance and get this working before I
move on to having a further 3 instances to allow for the different filter
levels.
So, my questions at last!
1) Is the use of a single Squid instance do-able for the situation
described?
2) If it is possible is anyone willing to give me a hint as to what my ACL
setup may need to be?
3) Can we use a single installation of Squid and start 2 instances with
different squid.conf files?
Sincere thanks for any response to this. Once we get this sorted and
running in either way we can move on to the management console!
Regards,
nry
_________________________________________________________________
Express yourself with cool emoticons - download MSN Messenger today!
http://www.msn.co.uk/messenger
Received on Sat Sep 27 2003 - 09:50:49 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:03 MST