Hi Markus! Thank you.
Markus.Rietzler@xxxxxxxxxxxxxx escreveu:
-----Ursprüngliche Nachricht-----
Von: Tom Lobato [mailto:tomlobato@xxxxxxxxx]
Gesendet: Dienstag, 16. Januar 2007 00:59
An: squid-users@xxxxxxxxxxxxxxx
Betreff: Distribued ACL|
Hello!
My scenario: 1 organization headquarter, with linux+squid and ~90
offices,
hi,
we work in a similar scenario. at about 150 subsidiaries. our
squids are running
on linux-servers, but it should make not much difference.
we use a squid hierachy like:
user-squid in subsidiary +-> squid main internet -> FW ->
squid dmz -> internet
+-> squid main intranet -> intranet
+-> squid main extranet -> extranet
I didnt understand the hierachy.
all user-squids are using "lokal" acls files. there are acls
which choose the right main squid (internet, intranet, extranet).
also some acls which deny or allow internet etc.
What do you means with "choose the right main squid"?
we manage all acl on a central server. as soon we're making
changes we have a "copy"-script that uses rcp/scp to
distribute all acls to the user-squids and do a "reconfigure".
this is a quite "flexible" setup. worked for many years now.
we also can implemt some "main"-acls, eg. to block banner or
other "bad" sites...
markus
Very good, I think my schema will be seemed like yours.
With mail difference that remote squid will be SquidNT
(running on windows), and maybe I will implement a
client/server pair for make updates as soon as central
administrator change acls.
Tom Lobato
