On Mon, 14 Mar 2005 14:47:29, johnsuth@xxxxxxxxxxxxx wrote: > Web browsing clients must specify one IP address as their proxy, > so I suppose this box must be available for browsing to work. If you are using a "Proxy Automatic Configuration" script (aka "proxy.pac") you can actually have the script do some very sophisticated logic, including hashed proxy server selection based on destination domain, and also failover; listing several proxy servers such that if the primary does not respond, the client will try a secondary proxy, tertiary proxy, or even "DIRECT". How browsers handle failover and failback is specific to their implementation of proxy scripting; some clients will failover, but will never failback unless all browser windows are closed. If none of the returned proxy servers are available, some browsers pop up an alert, others do not. If the PAC script parsing fails, some browsers pop up an alert, some try to go "DIRECT", some just stop working until the client settings are changed. Just about all graphical web browsers available today for Unix and Windows support PAC, the primary exception being on Macintosh. Also, it is rare for non-browser clients to directly include fully functional PAC support. The Microsoft "automatic detection" setting in IE is different from PAC but related; enabling this option will allow an IE client to autodiscover the hostname from which to load the PAC script; See Microsoft's online documentation for more information, or search MSDN for "wpad". > If there was a second and more responsive Squid box available, > most but not all of the time, how might the two Squid caches be related > so that the more responsive box was the preferred cache. The squid-centric answer to this question would be to set up a cache hierarchy. Install two or more "parent caches" nearest the ISP uplink(s), then deploy small "workgroup" caches near the end users; have these caches aware of the parent caches, set to query parent caches via ICP. Configure PAC so browsers prefer to use their nearest "child cache", but when this host fails to respond, failover to a hostname resolving to one or more "parent cache" address. Kevin Kadow