On 19/06/2013 5:19 a.m., Blason wrote:
Hi Fellas,
I have a below scenario and wanting to achieve benefits of squid cache. Can
someone suggest how do i do it by putting squid in between?
Well I have AD set up with firewall on which I will be setting up
application controls and this firewall is integrated with AD. This firewall
does provide best in class security for application control/url filtering.
What firewall BTW?
This firewall does offer proxy functionality but unfortunately does not
have caching functionality which would provide burden on my link. To avoid
this I m planning to put squid in between to avail the caching functionality
but in that case user data will not be forwarded to firewall and application
control can not take decision based on that.
What user data and why not? Squid is a fully featured HTTP proxy.
If i dont integrate squid with AD only proxy ip will be forwarded and again
user or group based decision can not be taken. So, does any one have any
idea about implementation?
The basis of this is incorrect. Squid contains both X-Forwarded-For
header feature to relay client IP in HTTP headers and TPROXY support to
perform transparent proxy at the TCP/IP level. If the firewall contains
any useful IP-based HTTP proxy functionality it should be capable of
processing the Forwarded-For headers, otherwise you will have to use
TPROXY to relay the IP details through.
I was thinking about Parent and Child feature [cache_peer], will it work?
USER LAN [192.168.1.0]-------=========>[192.168.1.1 FIREWALL
20.20.20.20]========== INTERNET
|
|
|
SQUID Server [192.168.1.5]
Probably. It will double the HTTP traffic going through that firewall
though. You may want to consider a Users->Squid->Firewall->Internet
topology with TPROXY instead.
Amos
