Re: [squid-users] Distribued ACL|

From: Tom Lobato <tomlobato@dont-contact.us>
Date: Sat, 20 Jan 2007 22:13:29 -0200

Hi Markus! Thank you.

Markus.Rietzler@rzf.fin-nrw.de escreveu:
>>> -----Ursprüngliche Nachricht-----
>>> Von: Tom Lobato [mailto:tomlobato@gmail.com]
>>> Gesendet: Dienstag, 16. Januar 2007 00:59
>>> An: squid-users@squid-cache.org
>>> Betreff: [squid-users] Distribued ACL|
>>>
>>> Hello!
>>>
>>> My scenario: 1 organization headquarter, with linux+squid and ~90
>>> offices,
>>>
>> hi,
>>
>> we work in a similar scenario. at about 150 subsidiaries. our
>> squids are running
>> on linux-servers, but it should make not much difference.
>>
>> we use a squid hierachy like:
>>
>> user-squid in subsidiary +-> squid main internet -> FW ->
>> squid dmz -> internet
>> +-> squid main intranet -> intranet
>> +-> squid main extranet -> extranet
>>

I didnt understand the hierachy.

>> all user-squids are using "lokal" acls files. there are acls
>> which choose the right main squid (internet, intranet, extranet).
>> also some acls which deny or allow internet etc.
>>

What do you means with "choose the right main squid"?

>> we manage all acl on a central server. as soon we're making
>> changes we have a "copy"-script that uses rcp/scp to
>> distribute all acls to the user-squids and do a "reconfigure".
>> this is a quite "flexible" setup. worked for many years now.
>> we also can implemt some "main"-acls, eg. to block banner or
>> other "bad" sites...
>>
>> markus
>>

Very good, I think my schema will be seemed like yours.
With mail difference that remote squid will be SquidNT
(running on windows), and maybe I will implement a
client/server pair for make updates as soon as central
administrator change acls.

Tom Lobato
Received on Sat Jan 20 2007 - 17:13:19 MST

This archive was generated by hypermail pre-2.1.9 : Thu Feb 01 2007 - 12:00:01 MST