Hey Anthony,
Giving this a second thought, I believe I didn't explain myself correctly.
I have 5 Squid servers, each listening on 80 ports, I would like to add another
Squid server in the middle of the client and these servers to authenticate users
before sending them to their ports. I already have ACL controls and auth control tools
which I wrote and are working fine.
My question is regarding how to configure this, I have found this configuration online
but I am not sure how it will work performance-wise with 500+ proxies (could be 1000s in
the future):
http_port 3128 name=port_3128http_port 3127 name=port_3127nonhierarchical_direct offacl port_3128_acl myportname port_3128acl port_3127_acl myportname port_3127always_direct deny port_3128_aclalways_direct deny port_3127_aclnever_direct allow port_3128_aclnever_direct allow port_3127_acl# 3128cache_peer proxy1 parent 3128 0 proxy-only default name=proxy3128cache_peer_access proxy3128 allow port_3128_aclcache_peer_access proxy3128 deny all# 3127
cache_peer proxy2 parent 3128 0 proxy-only default name=proxy3127cache_peer_access proxy3127 allow port_3127_aclcache_peer_access proxy3127 deny all
Combine these 2000+ lines in squid.conf with 2 external ACLs and a custom authenticator,
can this cause a hit on performance or should it be no problem for squid to handle?
On Thu, Dec 10, 2020 at 2:29 PM Antony Stone <Antony.Stone@xxxxxxxxxxxxxxxxxxxx> wrote:
On Thursday 10 December 2020 at 13:02:19, roee klinger wrote:
> Hello,
>
> We have a few Squid proxy servers with a total of around 400 ports
What do you mean by that? What are you using 400 ports for?
> We have decided that we want to add a cloud instance in the middle of the
> connections, that will authenticate users and only then send them to the
> squid instance.
What authentication method / protocol do you want to use?
> Is it a smart idea to use Squid for this use case or just use a different
> proxy software that doesn't have this limitation?
I think the best starting point is to ask what sort of authentication you want
to perform (ie: what is the authoritative system which holds the information
about who can authenticate and who cannot), then you can decide on the best
software to use to do that in front of Squid.
Antony.
--
Under UK law, no VAT is charged on biscuits and cakes - they are "zero rated".
Chocolate covered biscuits, however, are classed as "luxury items" and are
subject to VAT. McVitie's classed its Jaffa Cakes as cakes, but in 1991 this
was challenged by Her Majesty's Customs and Excise in court.
The question which had to be answered was what criteria should be used to
class something as a cake or a biscuit. McVitie's defended the classification
of Jaffa Cakes as a cake by arguing that cakes go hard when stale, whereas
biscuits go soft. It was demonstrated that Jaffa Cakes become hard when stale
and McVitie's won the case.
Please reply to the list;
please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
