On Tue, Jul 5, 2011 at 6:24 PM, Marcin J. Kraszewski <marcin@xxxxxx> wrote: [...] >> > . filter objectionable URLs and content, including viruses, HTML >> tags> and ActixeX content >> >> You need an ICAP service for that. There are many commercial and some >> free offerings for that. > > But squid supports ICAP in the current version, doesn't it? Yes. [...] >> I don't know if I'd run a proxy on the firewall, but if it fits your >> performance needs, certainly. > > I don't have that many users, so performance is fine. > >> Are you running a transparent proxy or is it just hosted on the same >> machine as the firewall? > > There is an HTTP proxy on the firewall which is a transparent one, and > then I have the DMZ proxy, where I would like to use squid. It will be > a dedicated server (as the iPlanet is right now). Squid can work in transparent mode, but it will not possible to perform user authentication in that way (not due to a limitation in Squid, but due to a basic security feature of all browsers). -- /kinkie