Re: [squid-users] Squid Config with AD Intranet Example

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 15 Jan 2012 13:27:34 +1300

On 15/01/2012 12:58 p.m., James Robertson wrote:
>>> in? I'm thinking this is what needs to be done since I'm going to be
>>> using WCCP per user port on the switch.
>> I have never used WCCP but looking at the squid wiki I would expect
>> connections to the Intranet from the client to go via the LAN
>> (bypassing squid) anyway (that assumes no client configuration).
> Just re-read the point about the switch.... Disregard my comment here
> as I was thinking of the Firewall doing WCCP in which case LAN HTTP
> traffic would not hit the firewall and therefore go across the LAN
> direct.
>
> Seems overly complicated, just my 2 cents...

Yes, WCCP interception is tricky and authentication is impossible when
traffic is intercepted. You are forced to add some side-band
authorization instead which adds yet another two layers of complexity
and is not quite as reliable.

It is far better to use WPAD across the network and the clients which
support it will go through the proxy and authentication processes
without any further trouble on your part. WCCP or other interception can
be used as backup for WPAD to catch the software which is not supporting
WPAD.

As for configuration examples; the default squid.conf is set up to permit
proxying LAN traffic for clients which are either configured directly or
through WPAD to use the proxy.
You can find example configuration snippets at
http://wiki.squid-cache.org/ConfigExamples which get added to the
default config as needed for the feature you want to configure. The
examples should be clear enough so long as you remember they are just
snippets of the particular lines for that feature; you still need to
polish exact order-specific locations of those settings to work the
feature into your existing config.

Amos
Received on Sun Jan 15 2012 - 00:27:41 MST
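
Added example, not part of the original message or of the Squid project's own examples: a minimal proxy auto-config (PAC) file of the kind WPAD distributes, sending intranet hosts direct and everything else through the proxy explicitly so that proxy authentication can work. The DNS suffix and proxy hostname are constructed placeholders, and port 3128 is assumed because it is Squid's default.

```javascript
// Added example PAC file (what a WPAD server would hand out as wpad.dat).
// Assumed, constructed values: the intranet DNS suffix and the proxy host;
// 3128 is Squid's default http_port. Plain ES3 syntax, since older PAC
// engines do not accept const, arrow functions or String.prototype.endsWith.
var INTRANET_SUFFIX = ".corp.example";
var PROXY = "PROXY proxy.corp.example:3128";

// True for dotted-quad literals in the loopback or RFC 1918 ranges.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return false;
  }
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// True for the intranet domain itself or any host under it. The leading dot
// in the suffix keeps look-alikes such as "evilcorp.example" from matching.
function isIntranetHost(host) {
  if (host.indexOf(".") === -1) return true;            // single-label LAN name
  if (host === INTRANET_SUFFIX.substring(1)) return true;
  return host.length > INTRANET_SUFFIX.length &&
         host.substring(host.length - INTRANET_SUFFIX.length) === INTRANET_SUFFIX;
}

// Entry point the browser calls for each request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (isIntranetHost(host) || isPrivateIPv4(host)) return "DIRECT";
  // Explicitly proxied, so Squid can challenge the client for credentials.
  // No ", DIRECT" fallback: that would let clients skip the proxy and its
  // authentication whenever the proxy is unreachable.
  return PROXY;
}
```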
