Re: [squid-users] what type of proxy do I need ?

From: J. Bakshi <joydeep_at_infoservices.in>
Date: Fri, 2 Mar 2012 17:45:03 +0530

On Sat, 03 Mar 2012 00:41:31 +1300
Amos Jeffries <squid3_at_treenet.co.nz> wrote:

> On 2/03/2012 11:37 p.m., J. Bakshi wrote:
> > Hello list,
> >
> > I have a debian server which works as a gateway as well as web server of our organization.
> > We use the web server as local web development server. Hence the gateway and the web-server IP is same.
> >
> > I like to restrict some internet sites where squid becomes very handy. I have two problems here.
> >
> > [1] Can I configure squid such a way where it just operates on WAN ethernet card,
>
> Please explain a bit about what you mean by "operates on WAN ethernet
> card". The card does not run software, so you can't be meaning the
> obvious interpretation.

Actually the local gateway ( also the development server ) has two lan card.
One is connected with LAN and the other is with WAN

>
> > without any
> > required settings from user-end ?
> Yes. But _how_ depends on where the users are.
>

The users are both linux and window users.

> > So users can browse the locally available sites without any
> > modification at network settings and when they go to internet the squid comes in between and
> > restrict the defined sites ?
>
> I'm reading that as saying the users are internal. So you want Squid
> operating with both forward-proxy and interception proxy mode ports.
>
> Here is the recommended network configuration for a gateway proxy such
> as yours. These guidelines are designed for minimal trouble both to
> users and to network admin
> http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers#Recommended_network_configuration
>
> Each of the layers has different ways to configure bypasses for your
> local servers. Although Squid can act as a reverse-proxy to them easily.
> So you may not in the end want to do any bypass.
>
> >
> > [2] can I restrict the sites based on time ? Say youtube is again available after 7 pm ?
>
> Once the traffic is in the proxy, yes. With limitations. Namely that
> ACLs are only tested at certain points of the transaction, such as when
> a new request is made. A transfer which is already happening when your
> time boundary changes from allowed to denied will not be stopped. Only
> new ones started during the deny period
>
 I see...

> >
> > Please give some focus on these issues as I have little knowledge about squid.
>
> The place to start getting to know Squid is
> http://wiki.squid-cache.org/SquidFaq
>

Thanks
Received on Fri Mar 02 2012 - 12:14:59 MST

This archive was generated by hypermail 2.2.0 : Fri Mar 02 2012 - 12:00:02 MST