[prev in list] [next in list] [prev in thread] [next in thread]
List: squid-users
Subject: Re: [squid-users] Hardware placement
From: Amos Jeffries <squid3 () treenet ! co ! nz>
Date: 2008-09-26 14:39:00
Message-ID: 48DCF404.2010102 () treenet ! co ! nz
[Download RAW message or body]
Johnson, S wrote:
> I've been digging around for an answer on this and am trying to figure out the best \
> layout for attempting a WCCP2/Squid transparent proxy.
> I've done several installs of Cisco WCCP2 using Bluecoat's proxy, but this would be \
> a much cheaper method.
> The hardware layout of Bluecoat was like the following (the way I did it before):
>
>
> USER Workstation
> >
> >
> Cisco--------------Bluecoat(WCCP)---------Win2k3 DC
> >
> >
> >
> Internet
>
>
> The HTTP packet was transferred to the Cisco which was then forwarded to Bluecoat \
> for validation.
>
> The configurations I seem to be finding on the net for SQUID/WCCP are like the \
> following:
> User Workstation
> >
> >
> Cisco
> >
> > ------------Win2k3(LDAP)
> >
> Bluecoat(WCCP)
> > (nat)
> >
> >
> Internet
>
>
> What I'm trying to accomplish is that only my SQUID server can talk to my AD \
> environment. It's a weird situation in that this is a "public" network that is \
> still being authenticated to our private side. In other words, our students are \
> going to be bringing in their computers but we don't want them to touch our private \
> network in any form.
> Can anyone make any recommendations/suggestions?
>
> Thanks much.
> Scott
WCCP part is quite easy.
htp://wiki.squid-cache.org/ConfigExamples/Intercept
The authentication is not. It's a browser security feature not to
authenticate against unknown machines.
Simple IP-based access controls are still perfectly usable though.
Amos
--
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic