Re: [squid-users] Squid as an alternative to EZProxy (i.e. access of IP-based content outside the intranet) from Amos Jeffries on 2009-12-04 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 04 Dec 2009 22:37:27 +1300

Robert Schenck wrote:
> Hello,
>
> I'm trying to configure Squid as a proxy server so that clients can
> access IP-based journal subscriptions that we have here, from home.
> They would do this by first connecting to our VPN (thus connecting to
> the intranet), and then connected to the proxy server that's within
> the intranet, which would then connect to the various journal
> subscriptions that we have. So:
>
> Client --> Internet --> VPN --> Our Intranet --> Proxy /w Squid --> Journal
>
> I tried doing this with Apache and it proved to be rather complicated
> and messy, so I'm turning to Squid. I have never used Squid (and only
> as of recently Apache)...but I did go through basic config of the
> squid.conf file, and have it up and running. I'm just unsure exactly
> what to do now, and I couldn't find any guides specific to my needs.
> Could anyone give me a general idea of what to do? And note that I do
> not want to take advantage of any of the caching abilities of Squid.
>
> Thanks very much.

You have a basic setup. The complications are all things outside of
Squid as far as I can tell.

You have a choice of forward or reverse proxy modes.

You have already thought of using Squid as a forward-proxy, with all the
VPN complications to get to it.

From the info given I'm inclined to push you in the simpler direction
of a reverse-proxy setup with authentication secured access. But some Qs
can help you decide.

So, is the VPN of any other use for these people?
If not it can be removed from the problem and replaced by relatively
simpler external authentication directly to the proxy.

Are the Journals in-house or are they a subscription to some other
publishers sites?
If in-house, you can easily go for a reverse-proxy setup with
selective authentication for externals and free access internals.
If not, forward proxy would be simplest.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
   Current Beta Squid 3.1.0.15

Received on Fri Dec 04 2009 - 09:37:42 MST

This archive was generated by hypermail 2.2.0 : Fri Dec 04 2009 - 12:00:01 MST