Re: [squid-users] Hardware placement

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 27 Sep 2008 02:39:00 +1200

Johnson, S wrote:
> I've been digging around for an answer on this and am trying to figure out the best layout for attempting a WCCP2/Squid transparent proxy.
>
> I've done several installs of Cisco WCCP2 using Bluecoat's proxy, but this would be a much cheaper method.
>
> The hardware layout of Bluecoat was like the following (the way I did it before):
>
>
> USER Workstation
> |
> |
> Cisco--------------Bluecoat(WCCP)---------Win2k3 DC
> |
> |
> |
> Internet
>
>
> The HTTP packet was transferred to the Cisco which was then forwarded to Bluecoat for validation.
>
>
> The configurations I seem to be finding on the net for SQUID/WCCP are like the following:
>
> User Workstation
> |
> |
> Cisco
> |
> |------------Win2k3(LDAP)
> |
> Bluecoat(WCCP)
> |(nat)
> |
> |
> Internet
>
>
> What I'm trying to accomplish is that only my SQUID server can talk to my AD environment. It's a weird situation in that this is a "public" network that is still being authenticated to our private side. In other words, our students are going to be bringing in their computers but we don't want them to touch our private network in any form.
>
> Can anyone make any recommendations/suggestions?
>
> Thanks much.
> Scott

WCCP part is quite easy.
   htp://wiki.squid-cache.org/ConfigExamples/Intercept

The authentication is not. It's a browser security feature not to
authenticate against unknown machines.

Simple IP-based access controls are still perfectly usable though.

Amos

-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
Received on Fri Sep 26 2008 - 14:39:14 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 26 2008 - 12:00:03 MDT