> I've got a bunch of machines at various locations on various ISPs for > which I need to filter web sites. I've set up Squid w/ authentication > as a proxy for these machines and put ACLs in place that allow me to > whitelist certain sites. > > The problem I am having is that the users of these machines are about > two steps ahead of sea turtles on the intelligence scale and get > confused when asked to enter a user/pass when opening Firefox. They > *do* have a user/pass for their email, so you can see how they would > get confused having to remember *TWO* _different_ passwords. *roll > eyes* > > At any rate, I started investigating the transparent proxy option for > two main reasons : Drop it : http://squidwiki.kinkie.it/SquidFaq/InterceptionProxy?highlight=%28intercept%29#head-1cf13b27d5a6f8c523a4582d38a8cfaaacafb896 >1) they don't have to enter a user/pass, and 2) they > can't get around the proxy settings by changing browsers, etc. I > found the FAQ that says you can't use transparent proxying w/ > proxy_auth, so I started reading over the lists. These macines are at > various locations on various ISPs, so I cannot use any speical > messages in DHCP or anything like that as has been suggested > previously. I eventually came across the login parameter to the > cache_peer config option and that got me thinking... > > Could I setup squid on each of the remote boxes as a transparent > cache, but configure the cache such that all requests are forwarded to > the parent cache that uses authentication? >... Try to *think* what you are saying, how in any sense would that global parent have any carry-thru info, about who was in front of the intercepting SQUID ? M.