RE: [squid-users] 2 squid on the same server

From: J. Webster <webster_jack_at_hotmail.com>
Date: Fri, 29 Apr 2011 20:38:10 +0100

 If by "forwarded" you mean NAT. Authentication is not possible. See the
> FAQ about why.
> http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#Why_can.27t_I_use_authentication_together_with_interception_proxying.3F
>
> >
> > Are there any examples for having 2 authentication methods run at
> > once? Does this mean the user would have to pick an option when
>
> The *user* does not know anything or need to. Their browser does it.
>
> > connecting to the server? I don;t think that will work for iPads,
> > xboxes, DVD players, etc accessing a proxy server as they connect
> > automatically without interaction. My current version is 2.6 - will
> > this work with that?

So,
Connection route A: Direct to proxy listening on port 80 and port 8080 with ncsa auth.
Ports 80, 8080, 443 will continue to be accessed with ncsa auth.

Connection route B: VPN with squid logging the websites.
Squid listening on port xxx1.
The logs will only contain an IP address from connections form port xxx1?
I need to make a change in iptables to block outside connections to port xxx1 and only allow port xxx1 to be accessed form the VPN network.
What do I do with port 443 in this instance? Do I need to make a new https port on squid and forward VPN:443 to squid:xxx?

Connection route C: Direct to proxy listening on port xxx2 with IP address auth.
You mentioned in the earlier email chain that if I setup IP auth as well as ncsa auth then this will mess up the authentication mechanism.
Is there no other way to have 2 authentication methods running at the same time?
                                               
Received on Fri Apr 29 2011 - 19:38:17 MDT

This archive was generated by hypermail 2.2.0 : Sat Apr 30 2011 - 12:00:04 MDT