>>-----Ursprüngliche Nachricht----- >>Von: Tom Lobato [mailto:tomlobato@xxxxxxxxx] >>Gesendet: Dienstag, 16. Januar 2007 00:59 >>An: squid-users@xxxxxxxxxxxxxxx >>Betreff: Distribued ACL| >> >> Hello! >> >> My scenario: 1 organization headquarter, with linux+squid and ~90 >>offices, > > >hi, > >we work in a similar scenario. at about 150 subsidiaries. our >squids are running >on linux-servers, but it should make not much difference. > >we use a squid hierachy like: > > user-squid in subsidiary +-> squid main internet -> FW -> >squid dmz -> internet > +-> squid main intranet -> intranet > +-> squid main extranet -> extranet > >all user-squids are using "lokal" acls files. there are acls >which choose the right main squid (internet, intranet, extranet). >also some acls which deny or allow internet etc. > >we manage all acl on a central server. as soon we're making >changes we have a "copy"-script that uses rcp/scp to >distribute all acls to the user-squids and do a "reconfigure". >this is a quite "flexible" setup. worked for many years now. >we also can implemt some "main"-acls, eg. to block banner or >other "bad" sites... > >markus >
