I'm looking at a way to hack around the problem of only being able to
define one redirector per squid server by setting up a pair of servers,
one to act as the parent holding the cache and running one of the
redirectors, while
the child forwards all queries to the parent after running it through
it's own redirector (and applying other acl policies).
The objective is to be able to run both squidguard and adzapper, each
with opt-out groups for sets of proxy_auth users that are orthogonal.
I'm guessing, at present, that the way to go is to set the squidguard
redirector and the majority of the other acl policies (delay pools,
restrictions on large or 'installable' content by extension, mimetype,
etc) on the child server, and have it propagate the user name
information back to the parent using the login=*:password option, and
have the parent server run adzapper for everyone not in the opt out group.
My guess is that the parent will need an external authenticator that
will validate any user if the correct password is
supplied, but will only allow access to the child proxy(s). Does that
sound right? Are there any standard authenticators that come with squid
for this task?
Thanks,
John
Received on Tue Dec 21 2004 - 19:21:12 MST
This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST