[squid-users] Re: acl deny in transparent cache

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Mon, 20 Oct 2008 12:54:30 +0200

On mån, 2008-10-20 at 05:42 -0500, Jian Wang wrote:
> I'm not sure how to do this. Is it externally changing the
> configuration of the router? For example,
> in the Squid external_acl_helper code, telnet to the router and add an
> acl line to the configuration of router?

Yes that's one way.

> Isn't this way unsecured? Further more, if I have thousands of client
> IP, it sounds like to me that I will have
> to add thousands of acl configuration lines to the router.

Yes.

> Or am I totally misunderstanding your suggestion?

No.

But it may be possible to do the same in the local firewall on the proxy
server instead of the router. Depends on your setup.

Regards
Henrik

Received on Mon Oct 20 2008 - 10:54:36 MDT

This archive was generated by hypermail 2.2.0 : Mon Oct 20 2008 - 12:00:04 MDT