Hello - We're using a setup like this: client -> e2guardian -> squid -> internete2guardian is providing filtering and SSL inspection. Currently we only allow access to e2guardian from our internal network. Currently we enforce access to squid come from localhost, except for some specific sites which do not work with SSL inspection.
Then we allow: client -> squid -> internet this is based on the (non-forwarded) client IP.We would like to open up access to e2g from the internet but require authentication in that case. This would require the use of forwarded IPs so the squid could distinguish between them (e2g does not do auth directly - it lets squid handle that). But then this breaks our config above because we no longer can distinguish between connections from e2g and direct ones.
Is there any way in an acl to explicitly request the "direct" (i.e. non-indirect) IP address? This would allow use to use one type for some acls and the other for other acls. This doesn't seem possible from what I can see.
I'm guessing we'll need to implement a separate proxy configuration for external access, but I'd like to avoid it if possible.
Thanks, Orion -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@xxxxxxxx Boulder, CO 80301 https://www.nwra.com/
<<attachment: smime.p7s>>
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
