On tis, 2008-07-15 at 13:39 -0500, Jian Wang wrote: > I start trying the cookie + external_acl way. However... > First I don't know much about the reverse proxy. The most important > thing we care about is the interception--transparent proxy, and this > must be our bottom line. So, the question is: does reverse proxy need > user set their browser's proxy server? A reverse proxy is a proxy that acts as a authorative surrogate server infront of servers of your control. DNS is officially registered with the proxy address, which then forwards requests to the actual web server. It's an administrative extension of the web server. > As Henrik said, "If it's a reverse proxy you could use a cookie.. ". > Does that mean transparent proxy cann't use cookie? Well.. problem is that cookies is site/domain specific, and that you probably would not want internal cookies to leak out to random internet web servers... > Here is what I > think. Since cookie depend on website. If my Squid server set a cookie > on the client browser, the client will only send that cookie when the > destination is ip of my Squid server. Then, in a transparent proxy > case, how can we force client browser send that cookie in every other > http request? You can't. That's why the "if this is a reverse proxy"... > In addition, as both of you mentioned, the advantage of External_acl > is that every combination(e.g., ip+cookie session) is cached. In this > case, do I need to worry about the cache size(and is it configurable?) > if I have thousands of clients? The acl lookup cache size is configurable. See external_acl_type Regards Henrik
