Re: [squid-users] squid as incoming proxy?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 11 Nov 2003 02:05:33 +0100 (CET)

On Mon, 10 Nov 2003, Robin Bowes wrote:

> I run a web server on my broadband connection at home. I run NAT on my gateway router and have a small internal network.
> I currently have all my web services hosted on a single box because of the 1-2-1 nature of NAT.
> I maintain my own internal DNS service which is different to the publicly visible DNS information (hosted at dyndns.org).
>
> Here's what I would like to do:
>
> Internet --- router --- proxy --+-- web1.robinbowes.com
>                        (squid)  |
>                                 +-- web2.robinbowes.com

This is one of the standard Squid configurations ;-)

The concept is called "reverse proxy" or "HTTP accelerator".

> Can squid do this?

Yes.

> Is there any special sort of set up I need to consider?

The setup differs from that of an Internet proxy in several aspects:

  * Access controls are based on what destinations may be reached how, not
    who may use the proxy.

  * Squid needs to be configured to run in accelerator mode

See the Squid FAQ and squid.conf.default.

> I also am considering implementing some sort of outgoing access control
> - pah, kids! Would I be able to use the same instance of squid for this
> or would I be better considering a separate instance?

While this is fully possible I would recommend using two instances of
Squid, one per purpose. Remember to give each a unique visible_hostname
(apart from different log files, cache etc). The reason for this is that it
is very easy to make a mistake in a combined configuration accidentally
giving the whole world rights to proxy anywhere and you surely do not want
this to happen.

Regards
Henrik
Received on Mon Nov 10 2003 - 18:05:37 MST
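
The combined-configuration mistake warned about above, as an added example that is not part of the original message or of Squid itself: a small Python audit that replays Squid's http_access evaluation order against a config. The two configs, the ACL names (lan, sites, blocked), the test addresses and the .games.example domain are constructed; only src and dstdomain ACLs are modelled.

```python
import ipaddress

def parse(conf):
    """Collect src/dstdomain ACLs and the ordered http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] in ("src", "dstdomain"):
            kind, vals = acls.setdefault(tok[1], (tok[2], []))
            vals.extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1] == "allow", tok[2:]))
    return acls, rules

def acl_match(acls, name, client, host):
    kind, vals = acls[name]
    if kind == "src":
        return any(ipaddress.ip_address(client) in ipaddress.ip_network(v) for v in vals)
    # dstdomain: ".example.com" also covers subdomains, "example.com" is exact
    return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v)) for v in vals)

def allowed(conf, client, host):
    """First matching http_access line wins; all ACLs on a line must match."""
    acls, rules = parse(conf)
    for allow, names in rules:
        if all(acl_match(acls, n.lstrip("!"), client, host) != n.startswith("!") for n in names):
            return allow
    # No line matched: Squid applies the opposite of the last http_access line.
    return not rules[-1][0] if rules else False

# Constructed combined config: reverse proxy plus LAN filtering, no final "deny all".
COMBINED = """
acl all src 0.0.0.0/0
acl lan src 192.168.1.0/24
acl sites dstdomain web1.robinbowes.com web2.robinbowes.com
acl blocked dstdomain .games.example
http_access allow sites
http_access allow lan !blocked
http_access deny lan blocked
"""
# Same rules closed off with an explicit catch-all deny.
FIXED = COMBINED + "http_access deny all\n"

if __name__ == "__main__":
    for label, conf in (("combined", COMBINED), ("fixed", FIXED)):
        print(label, "outside client -> www.example.org:",
              allowed(conf, "203.0.113.9", "www.example.org"))
```

In the combined config the last http_access line is a deny, so a request from outside that matches no line falls through to the implicit allow, which is exactly the open proxy to avoid.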
