[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squid-users
Subject:    Re: [squid-users]  Hardware placement
From:       Amos Jeffries <squid3 () treenet ! co ! nz>
Date:       2008-09-26 14:39:00
Message-ID: 48DCF404.2010102 () treenet ! co ! nz
[Download RAW message or body]

Johnson, S wrote:
> I've been digging around for an answer on this and am trying to figure out the best \
> layout for attempting a WCCP2/Squid transparent proxy. 
> I've done several installs of Cisco WCCP2 using Bluecoat's proxy, but this would be \
> a much cheaper method. 
> The hardware layout of Bluecoat was like the following (the way I did it before):
> 
> 
> USER Workstation
> > 
> > 
> Cisco--------------Bluecoat(WCCP)---------Win2k3 DC
> > 
> > 
> > 
> Internet
> 
> 
> The HTTP packet was transferred to the Cisco which was then forwarded to Bluecoat \
> for validation. 
> 
> The configurations I seem to be finding on the net for SQUID/WCCP are like the \
> following: 
> User Workstation
> > 
> > 
> Cisco
> > 
> > ------------Win2k3(LDAP)
> > 
> Bluecoat(WCCP)
> > (nat)
> > 
> > 
> Internet
> 
> 
> What I'm trying to accomplish is that only my SQUID server can talk to my AD \
> environment.  It's a weird situation in that this is a "public" network that is \
> still being authenticated to our private side.  In other words, our students are \
> going to be bringing in their computers but we don't want them to touch our private \
> network in any form. 
> Can anyone make any recommendations/suggestions?
> 
> Thanks much.
> Scott

WCCP part is quite easy.
   htp://wiki.squid-cache.org/ConfigExamples/Intercept

The authentication is not. It's a browser security feature not to 
authenticate against unknown machines.

Simple IP-based access controls are still perfectly usable though.

Amos
-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE9


[prev in list] [next in list] [prev in thread] [next in thread]