Pat Riehecky wrote:
This is a bit of a odd duck, but....
The university I work for has a bunch of library pages that can only be
accessed from on campus as they are hosted off site and authenticated by
IP address.
This sounds like a perfect scenario for an acceleration setup. You can
dispense with having users set proxy in their browser and only require
authentication for off-site access.
In short, the Squid box acts like the origin server (using a domain
within your control: http://offsite.library.iwu.edu/ or some such).
ACLs are set up such that access from within your campus network is
allowed through the acceleration setup without authentication, access
from outside is allowed WITH authentication, and all other access is
denied (forcing those who are using your proxy for all internet traffic
to repent, and helping prevent abuse of the system). Allowed requests
are relayed by your Squid server to the remote library site, and the
content is ultimately served by your Squid server (as it is now).
Wow, you got all the way down here... dang....
I will accept vaguely half formed, partially coherent theories just to
keep my own mental gears turning. Anything at all you could contribute
would be tremendously helpful (this includes, the proposed task is
impossible proofs as well, but sadly I would need a strong argument to
hand up the chain as they look at me funny when I say this doesn't sound
possible).
Half-formed, partially coherent, I can handle. Fleshing this setup out
is left as an exercise for the reader. The FAQ sections on accelerators
(http://wiki.squid-cache.org/SquidFaq/ReverseProxy) and ACLs
(http://wiki.squid-cache.org/SquidFaq/SquidAcl) should help a lot...
Questions regarding further clarification of this framework are welcome.
Pat
Chris
