Re: [squid-users] One Squid with NTLM auth and as Open Proxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 12 May 2013 18:27:44 +1200

On 12/05/2013 12:57 p.m., Thorough wrote:
> Hi guys
>
> We need to use two internet access method on an one Linux server with Squid
> installed, the methods are NTLM authentication and open proxy (without
> auth)..

"open proxy" is a well known term in security and the web. Please avoid
re-defining it for your own purposes.
What you are describing is simply a proxy without authentication. Worlds
of difference from an "open proxy".

> Can be that provided by one Linux server with Squid installed?
> Something like this:
>
> IP 10.10.1.100:3128 - NTLM authentication required
> IP 10.10.2.100:3128 - Open Proxy

Yes. Use a myportname ACL to match one of the ports and insert it into
your access control lines as appropriate to separate which traffic flows
are authenticated.

> What about multiple squid instances and two separate squid.conf
> http://wiki.squid-cache.org/MultipleInstances - one with NTLM auth
> configured and second configured as open proxy, is it good way? Does someone
> have experience with that?

If one Squid instance can do it, there is no reason to think two
separate instances cannot.

Either way the difference is just in how you configure the ACLs.
Multi-Instance just adds lots of coordination trouble in top.

Amos
Received on Sun May 12 2013 - 06:27:50 MDT

This archive was generated by hypermail 2.2.0 : Sun May 12 2013 - 12:00:05 MDT