Hello all I run a small squid cache for a high school that due to location and budget has a very limited internet connection and therefore must try to conserve bandwidth. The school wishes to have content filtering enacted to prevent students from accessing inappropriate content while on school grounds. Currently the school has a service to filter content using a parent proxy however this server is located in England and the school is in Ontario, Canada. The way it is set now squid will only connect to the parent proxy to retrieve pages however it is very inefficient to run all the school's http requests to europe and back. This is causing 2 problems: 1) Often when trying to load a webpage it appears to get "stuck" at connecting to the server but hitting stop and then refresh will load the page very quickly. 2) Downloads over HTTP start at only a few kb/s. Sometimes they stay that way, other times after 4 or 5 minutes they speed up to most of the school's available speed of around 180 kb/s. This problem used to extend to FTP as well until I used always_direct for FTP transfers. However this means there is no filtering of ftp traffic. I disabled the parent cache and tested the speed and it was a remarkable difference. No stutters when loading pages and no problems with HTTP downloads but it also means no filtering. What I would like to do is have squid check for permission to access the site from the parent proxy but then directly connect to the hosting server to actually make the transfer. I am not sure if it is even possible but if anyone has some ideas I'd love to hear them. I've included most of squid.conf for completeness sake: http_port 192.168.3.1:3128 cache_peer parent-proxy.co.uk parent 2326 0 ## Direct connections to FTP sites. FTP transfer suffered from terrible performance until I did this acl FTP proto FTP acl HTTP proto HTTP acl HTTPS proto HTTPS cache_peer_access parent-proxy.co.uk allow HTTP cache_peer_access parent-proxy.co.uk allow HTTPS cache_peer_access parent-proxy.co.uk deny FTP never_direct allow HTTP never_direct allow HTTPS always_direct allow FTP #NTLM auth_param basic program /usr/lib/squid/smb_auth -W domain -U domain_controller auth_param basic children 10 auth_param basic realm Squid Proxy Server auth_param basic credentialsttl 1 hour acl password proxy_auth REQUIRED acl all src 0.0.0.0/0.0.0.0 http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access allow password http_access deny all http_reply_access allow all Thanks in advance Luke Taylor
