Re: [squid-users] Squid Peerīs problem.

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 19 Aug 2003 22:15:50 +0200

On Tuesday 19 August 2003 21.57, Ampugnani, Fernando wrote:
> Henrik,
> which is the best way to restrict all sites that go to internet in
> the second squid box except those I permit?

By only allowing access in http_access to the sites you permit.

> I must do they in first squid box or in second squid box?

Does not matter much.

> Because I suppose that the validation is managed by first squid
> box, the second squid box only forward all internet traffic to this
> isnīt is?

Both can do full validation. The fact that one forwards requests to
another is just a routing decision and does not in any way modify the
capabilities of either Squid.

If you have the rules in the Squid closest to the Internet then the
rules matters no matter which internal proxy the user connects via.

If you have the rules on the proxy closest to the user then the
processing of the rule is somewhat more efficient as there is no need
to query the Internet connected Squid..

Regards
Henrik
Received on Tue Aug 19 2003 - 14:17:24 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:59 MST