On 21/02/2015 4:57 a.m., maxt wrote: > I'm just wondering if it is possible to do the following: > > Have one Squid proxy that covers multiple domains/tenants. Each tenant > would have their own specific whitelist and blacklist of sites. Each tenant > would have their own customized/branded block page that would have > instructions for requesting a site be whitelisted. Sort of. We are partway there with SMP support. There are two easy-ish ways it can be done: 1) 3.2+ SMP worker per tenant. NP: There is still crossover with things like shared memory (if you choose to leabve it enabled) and cachemgr reports. Add this line to squid.conf between the "http_access CONNECT !SSL_ports" and "http_access deny all" lines: include /etc/squid/client-${processs_number}.conf All the client-specific configuration then goes in the numbered client-N.conf files. You may need to shuffle things like the default refresh_patterns around so they are below the include (so not overriding the client settings). There is still some crossover with settings that can only be set once per proxy instance (PID file etc). Those need to be set in the main squid.conf, which you can also use to set local network defaults different from the hard coded ones, or override some client abilities. 2) 3.5+ named service per tenant This is not really single-proxy but allows you to run separate instances/services per-tenant from one installed Squid. It does not have any of the crossover issues the above (which may be either Pro or Con for your needs). In squid.conf put this: include /etc/squid/client-${service_name}.conf Service name much only be alphanumeric characters. Same caveats apply about shuffling things around within squid.conf so they dont collide with the per-client settings. Run Squid using: squid -n <some_name> ... Note that is a lower case 'n', upper case is very different. HTH Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users