Re: [squid-users] How can I implement below scenario

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 19 Jun 2013 11:09:58 +1200

On 19/06/2013 5:19 a.m., Blason wrote:
> Hi Fellas,
>
> I have the below scenario and want to achieve the benefits of squid cache. Can
> someone suggest how I can do it by putting squid in between?
>
> Well I have AD set up with firewall on which I will be setting up
> application controls and this firewall is integrated with AD. This firewall
> does provide best in class security for application control/url filtering.

What firewall BTW?

> This firewall does offer proxy functionality but unfortunately does not
> have caching functionality which would provide burden on my link. To avoid
> this I'm planning to put squid in between to avail the caching functionality
> but in that case user data will not be forwarded to firewall and application
> control cannot take decision based on that.

What user data and why not? Squid is a fully featured HTTP proxy.

> If I don't integrate squid with AD only proxy IP will be forwarded and again
> user or group based decision cannot be taken. So, does anyone have any
> idea about implementation?

The basis of this is incorrect. Squid contains both an X-Forwarded-For
header feature to relay client IP in HTTP headers and TPROXY support to
perform transparent proxy at the TCP/IP level. If the firewall contains
any useful IP-based HTTP proxy functionality it should be capable of
processing the Forwarded-For headers, otherwise you will have to use
TPROXY to relay the IP details through.

> I was thinking about Parent and Child feature [cache_peer], will it work?
>
>
>
> USER LAN [192.168.1.0]-------=========>[192.168.1.1 FIREWALL 20.20.20.20]========== INTERNET
> |
> |
> |
> SQUID Server [192.168.1.5]

Probably. It will double the HTTP traffic going through that firewall
though. You may want to consider a Users->Squid->Firewall->Internet
topology with TPROXY instead.

Amos
Received on Tue Jun 18 2013 - 23:10:10 MDT
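
An added example, not part of the message above and not Squid or firewall code: a sketch of the check a device that consumes X-Forwarded-For needs before using the header for per-client policy, since any client can send its own value. It assumes Squid sits at 192.168.1.5 as in the diagram and appends the address it received the request from to the end of the header; the function name and sample requests are constructed for illustration.

```python
import ipaddress

# Assumption: the only proxy allowed to vouch for clients is the Squid box
# from the diagram in the thread.
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.1.5")}


def effective_client_ip(peer_ip, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address that per-client policy should be applied to.

    peer_ip    -- source address of the TCP connection carrying the request
    xff_header -- raw X-Forwarded-For value, or None when the header is absent
    """
    peer = ipaddress.ip_address(peer_ip)
    # Requests that did not arrive from a trusted proxy carry a header the
    # client wrote itself, so only the TCP peer address can be believed.
    if peer not in trusted or not xff_header:
        return peer
    # Each proxy appends on the right, so walk right to left and stop at the
    # first address that is not itself a trusted proxy. Everything further
    # left was supplied by the client and is ignored.
    candidate = peer
    for token in reversed([t.strip() for t in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            # e.g. "unknown", which Squid sends when forwarded_for is off
            return candidate
        candidate = addr
        if addr not in trusted:
            return addr
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For value)
    samples = [
        ("192.168.1.5", "192.168.1.20"),            # client via Squid
        ("192.168.1.5", "10.9.9.9, 192.168.1.20"),  # client pre-set a fake entry
        ("192.168.1.20", "192.168.1.99"),           # client bypassing Squid
        ("192.168.1.5", "unknown"),                 # forwarded_for off
    ]
    for peer, xff in samples:
        print(f"{peer:14} {xff!r:28} -> {effective_client_ip(peer, xff)}")
```
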
