On 10/07/20 9:54 am, Orion Poplawski wrote: > Hello - > > We're using a setup like this: > > client -> e2guardian -> squid -> internet > > e2guardian is providing filtering and SSL inspection. Currently we only > allow access to e2guardian from our internal network. Currently we > enforce access to squid come from localhost, except for some specific > sites which do not work with SSL inspection. > > Then we allow: > > client -> squid -> internet > > this is based on the (non-forwarded) client IP. > > We would like to open up access to e2g from the internet but require > authentication in that case. Okay. > This would require the use of forwarded > IPs so the squid could distinguish between them (e2g does not do auth > directly - it lets squid handle that). But then this breaks our config > above because we no longer can distinguish between connections from e2g > and direct ones. How do you come to that conclusion? What is your Squid version? What is your current squid.conf contents? Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
