Johnson, S wrote:
I've been digging around for an answer on this and am trying to figure out the best layout for attempting a WCCP2/Squid transparent proxy.
I've done several installs of Cisco WCCP2 using Bluecoat's proxy, but this would be a much cheaper method.
The hardware layout of Bluecoat was like the following (the way I did it before):
USER Workstation
|
|
Cisco--------------Bluecoat(WCCP)---------Win2k3 DC
|
|
|
Internet
The HTTP packet was transferred to the Cisco which was then forwarded to Bluecoat for validation.
The configurations I seem to be finding on the net for SQUID/WCCP are like the following:
User Workstation
|
|
Cisco
|
|------------Win2k3(LDAP)
|
Bluecoat(WCCP)
|(nat)
|
|
Internet
What I'm trying to accomplish is that only my SQUID server can talk to my AD environment. It's a weird situation in that this is a "public" network that is still being authenticated to our private side. In other words, our students are going to be bringing in their computers but we don't want them to touch our private network in any form.
Can anyone make any recommendations/suggestions?
Thanks much.
Scott
WCCP part is quite easy.
htp://wiki.squid-cache.org/ConfigExamples/Intercept
The authentication is not. It's a browser security feature not to
authenticate against unknown machines.
Simple IP-based access controls are still perfectly usable though.
Amos
--
Please use Squid 2.7.STABLE4 or 3.0.STABLE9