RE: [squid-users] Cisco ASA -> Squid proxy

From: Henrik Nordstrom <>
Date: Sun, 06 Apr 2008 12:38:41 +0200

sön 2008-04-06 klockan 05:19 -0400 skrev Nick Duda:
> I also use Active Directory for user authentication with Squid...

Then the clients MUST be configured to use the proxy, and you need a HA
solution or similar for the proxy. Reasonable alternatives depending on
your network:

a) HA solution such as heartbeat from linux-ha, providing a virtual IP
address for the proxy.

b) Load balancer, prividing a virual load-balanced IP for the proxy

c) Proxy-pac based configuration of the clients telling clients what
proxies to use and when, including automatic discorvery mechanisms to
find the pac file (WPAD). Means clients in worst case need to restart
their browser on proxy related network change..

The reason why you need the browsers configured to use the proxy is
because for security reasons browsers are only willing to perform
authentication to a proxy when they know they are using a proxy. It's
not a restriction in Squid as such.

'a' and 'b' is easy to combine on the same Linux box if you want.

Received on Sun Apr 06 2008 - 04:40:11 MDT

This archive was generated by hypermail 2.2.0 : Thu May 01 2008 - 12:00:04 MDT