Re: [squid-users] Re: One squid box, multiple proxies - suggestions? from Joseph S D Yao on 2004-05-26 (squid-users)

From: Joseph S D Yao <jsdy@dont-contact.us>
Date: Wed, 26 May 2004 14:03:42 -0400

On Thu, May 20, 2004 at 12:52:20PM -0400, Adam Aube wrote:
> Joseph S D Yao wrote:
>
> > I'd like to use squid to
>
> > (a) change or remove some of the header information that's gratuitously
> > entered by some browser paths
>
> "Can Squid anonymize HTTP requests?"
>
> http://www.squid-cache.org/Doc/FAQ/FAQ-4.html#ss4.18
>
> That should get you started.

Yes, I'm sorry if I made it sound like we needed help for that, that's
one of the easily-found functions of 'squid'. I was just laying out
some of the requirements.

> > (b) to direct which proxying firewall I want to use.
>
> > The considerations for the latter are:
>
> > - some users will be coming from anywhere [corporate network,
> > dial-in, other VPNs], but will want to select one particular
> > firewall that does things they way they like it, and we need
> > to accommodate those customers
>
> This can be done in the client browser settings.

In the client browser settings, I can direct them to the squid box
inside the network, OR I can direct them to a different proxy. The
problem is this. We want them to go to the squid box to remove certain
header lines, to block certain sites that we are required to by local
proxy, etc. WHAT THEN? I can send them to one other proxy. Is there
a way to choose to which among several next-hop proxies the user goes
next?

> > - some users' organizations have stated a preference for
> > certain firewalls, and so we need to accommodate those
> > customers
>
> This can either be done in the client browser settings or using source IP
> addresses in a proxy autoconfig script.

Again, I don't see how you can go to squid THEN to another proxy using
this.

> > - some URLs' hosts are "closest" on the public Internet to one
> > or another firewall, and so we'd like to use that firewall
> > for those hosts, in the absence of a clearly stated request
>
> This can be done inside a proxy autoconfig script.

Same.

> > - some firewalls are equivalent, and in the absence of any
> > other consideration, we'd like to pass queries around.
>
> Use round-robin DNS or policy routing.
>
> I don't see anything for (b) that requires Squid.

Ah. You have it completely backwards. Nothing in (b) requires squid.
We require squid - or, rather, some of its functions. If we implement
those functions using squid, how do we do (b)?

I take it from the lack of responses that nobody knows. ;-(

Thanks anyway, all.

-- 
Joe Yao				jsdy@center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support					EMT-B
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.

Received on Wed May 26 2004 - 12:03:54 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Jun 01 2004 - 12:00:02 MDT