On 12/05/2013 12:57 p.m., Thorough wrote:
Hi guys We need to use two internet access method on an one Linux server with Squid installed, the methods are NTLM authentication and open proxy (without auth)..
"open proxy" is a well known term in security and the web. Please avoid re-defining it for your own purposes. What you are describing is simply a proxy without authentication. Worlds of difference from an "open proxy".
Can be that provided by one Linux server with Squid installed? Something like this: IP 10.10.1.100:3128 - NTLM authentication required IP 10.10.2.100:3128 - Open Proxy
Yes. Use a myportname ACL to match one of the ports and insert it into your access control lines as appropriate to separate which traffic flows are authenticated.
What about multiple squid instances and two separate squid.conf http://wiki.squid-cache.org/MultipleInstances - one with NTLM auth configured and second configured as open proxy, is it good way? Does someone have experience with that?
If one Squid instance can do it, there is no reason to think two separate instances cannot.
Either way the difference is just in how you configure the ACLs. Multi-Instance just adds lots of coordination trouble in top.
Amos
