Re: [squid-users] something better than using IP address?

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Tue, 15 Jul 2008 21:08:25 +0200

On tis, 2008-07-15 at 13:39 -0500, Jian Wang wrote:

> I started trying the cookie + external_acl way. However...
> First, I don't know much about reverse proxies. The most important
> thing we care about is the interception--transparent proxy, and this
> must be our bottom line. So, the question is: does a reverse proxy need
> users to set their browser's proxy server?

A reverse proxy is a proxy that acts as an authoritative surrogate server
in front of servers of your control. DNS is officially registered with
the proxy address, which then forwards requests to the actual web
server. It's an administrative extension of the web server.

> As Henrik said, "If it's a reverse proxy you could use a cookie.. ".
> Does that mean a transparent proxy can't use cookies?

Well.. problem is that cookies are site/domain specific, and that you
probably would not want internal cookies to leak out to random internet
web servers...

> Here is what I
> think. Since cookies depend on the website, if my Squid server sets a
> cookie on the client browser, the client will only send that cookie when
> the destination is the IP of my Squid server. Then, in a transparent
> proxy case, how can we force the client browser to send that cookie in
> every other HTTP request?

You can't. That's why the "if this is a reverse proxy"...

> In addition, as both of you mentioned, the advantage of External_acl
> is that every combination (e.g., ip+cookie session) is cached. In this
> case, do I need to worry about the cache size (and is it configurable?)
> if I have thousands of clients?

The acl lookup cache size is configurable. See external_acl_type.

Regards
Henrik
Received on Tue Jul 15 2008 - 19:08:30 MDT
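
The cookie + external_acl approach discussed in this thread, as an added example that is not part of the original messages or of Squid itself; it only applies to the reverse proxy case, where the browser actually sends the cookie. The helper path, cookie name, demo key and cookie layout (user plus an HMAC over user and source IP) are assumptions, as is Squid passing each format token URL-escaped with "-" for a missing header; the squid.conf lines in the comments show the ttl= and cache= options that bound the lookup cache.

```python
#!/usr/bin/env python3
# Hypothetical squid.conf wiring (path and ACL names are assumptions):
#   external_acl_type session_check ttl=60 negative_ttl=10 cache=10000 \
#       children=5 %SRC %{Cookie} /usr/local/bin/session_helper.py
#   acl has_session external session_check
#   http_access allow has_session
import hashlib
import hmac
import sys
from urllib.parse import unquote

SECRET = b"constructed-demo-key"  # assumption: shared with the login page
COOKIE_NAME = "proxy_session"     # hypothetical cookie name

def sign(user, src_ip):
    """HMAC that binds the session to both the user and the client IP."""
    msg = f"{user}|{src_ip}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def parse_cookie(header, name):
    """Return the value of one cookie from a Cookie: header, or None."""
    for part in header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key == name:
            return value
    return None

def check(line):
    """Answer one lookup line '<src_ip> <escaped Cookie header>'."""
    fields = line.split()
    if len(fields) != 2:
        return "ERR"
    src_ip, cookie_header = fields[0], unquote(fields[1])
    value = parse_cookie(cookie_header, COOKIE_NAME)
    if not value or "." not in value:
        return "ERR"
    user, mac = value.rsplit(".", 1)
    if not user.isalnum():  # keeps spaces and '=' out of the reply line
        return "ERR"
    # Constant-time comparison; bytes avoid TypeError on non-ASCII input.
    if not hmac.compare_digest(mac.encode(), sign(user, src_ip).encode()):
        return "ERR"
    return f"OK user={user}"

def main():
    for line in sys.stdin:  # one request per line, one reply per line
        sys.stdout.write(check(line) + "\n")
        sys.stdout.flush()  # Squid waits for each answer

if __name__ == "__main__":
    main()
```

Because the result is cached per ip+cookie combination, the helper runs only on a cache miss or after the ttl expires, so a revoked session stays valid for up to ttl seconds.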
