AW: AW: [squid-users] Distribued ACL

From: <Markus.Rietzler@dont-contact.us>
Date: Mon, 22 Jan 2007 14:20:38 +0100

>> all user-squids have a "few" (or many?) acls with which they can determine
>> if they have to forward the request to "main intranet", "main extranet" or
>> "main internet". so the user squid decides which type of request it is
>> (intranet/extranet/internet) and then asks the responsible squid at our
>> headquarters.
>>
>> so that means:
>>
>> some.local.server: user-squid -> DIRECT (if local.server is located in subsidiary)
>> some.main.server: user-squid -> squid main intranet -> DIRECT to some.main.server
>> some.subsidiaryB.server: user-squid (subA) -> squid main intranet -> "user"-squid in sub B -> some.subsidiaryB.server
>> www.google.de: user-squid -> squid main internet -> FW -> DMZ -> internet -> google.de
>>
>
>sorry but why go the easy way if there is a complicated one
>right ... :)
>
>or I do not understand what you are trying to say here
>
>but if I understood your plan, then nothing needs to be done at the remote
>server site, only at the front end squid
>
>since the frontend is the server connected to other networks it is the
>place where things should be done, but that is only the easier way
>
>
>Michel

sure, but it's not that simple.
there are local (at user-squid) acls which are also responsible to
restrict access.
e.g. internet-access is restricted to some users, we also distinguish
between "browsing" and "downloading" the internet, for that we use NTLM
auth together with "some" local acls.

with this scenario we provide services at about 150 subsidiaries and
30.000 users...

markus
Received on Mon Jan 22 2007 - 06:20:56 MST
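
The routing and local restrictions described in this message could be expressed on one subsidiary "user-squid" roughly as follows. This is an added example, not configuration posted in the thread; every hostname, domain, file path and the download pattern is a constructed placeholder.

```conf
# Constructed example for one subsidiary proxy; all names are placeholders.

# NTLM authentication (helper path is an assumption for the local install)
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10

# Who is asking
acl authed     proxy_auth REQUIRED
acl inet_users proxy_auth "/etc/squid/internet_users.txt"
acl dl_users   proxy_auth "/etc/squid/download_users.txt"

# What is being asked for
acl local_dst    dstdomain .suba.example.internal
acl intranet_dst dstdomain .example.internal
acl extranet_dst dstdomain .partners.example.net
acl downloads    urlpath_regex -i \.(exe|zip|iso|msi)$

# The three headquarters proxies
cache_peer proxy-intranet.hq.example.org parent 3128 0 no-query
cache_peer proxy-extranet.hq.example.org parent 3128 0 no-query
cache_peer proxy-internet.hq.example.org parent 3128 0 no-query

# Local servers go DIRECT; everything else must use a parent.
# always_direct is evaluated before never_direct.
always_direct allow local_dst
never_direct  allow all

# One parent per request class
cache_peer_access proxy-intranet.hq.example.org allow intranet_dst
cache_peer_access proxy-intranet.hq.example.org deny  all
cache_peer_access proxy-extranet.hq.example.org allow extranet_dst
cache_peer_access proxy-extranet.hq.example.org deny  all
cache_peer_access proxy-internet.hq.example.org deny  intranet_dst
cache_peer_access proxy-internet.hq.example.org deny  extranet_dst
cache_peer_access proxy-internet.hq.example.org allow all

# Local restrictions, first match wins
http_access deny  !authed
http_access allow intranet_dst
http_access allow extranet_dst
# Trailing "all" stops Squid re-prompting for credentials on this deny
http_access deny  downloads !dl_users all
http_access allow inet_users
http_access deny  all
```

Because `.suba.example.internal` also matches `intranet_dst`, the `always_direct` rule is what keeps local traffic off the headquarters link, and the final `http_access deny all` makes internet access opt-in per user.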
