On Wed, 21 Jul 2004, Merton Campbell Crockett wrote:
Even with Duane Wessel's "Squid, The Definitive Guide" as a reference, it
is a daunting task to determine which of the configuration options will
provide the behaviour that you would like to see.
(1) I would like to have all requests for external (non-corporate)
web content forwarded to a Squid proxy at the security boundary.
This seems to be addressed adequately with the following.
acl CORP dstdomain .corp.com
never_direct allow !CORP
(2) I would like all requests for local content to be retrieved from
the local web server.
acl DIV dstdomain .div.corp.com
always_direct allow DIV
(3) The links to other divisions are being changed from dedicated
circuits to a dynamic VPN architecture. I would like to relay
requests to a Squid proxy at the division where the content is.
In the past, I have used cache_peer_domain for this.
(4) Before performing (1) or (3), I would like to determine if a local
Squid proxy already has a fresh copy of the requested content. It
doesn't seem desirable to be moving content repeatedly over a link
where the payload will be encrypted and fragmented.
Any suggestions on the "best" method of obtaining the desired behaviour?
Merton Campbell Crockett
--
BEGIN: vcard
VERSION: 3.0
FN: Merton Campbell Crockett
ORG: General Dynamics Advanced Information Systems;
Intelligence and Exploitation Systems
N: Crockett;Merton;Campbell
EMAIL;TYPE=internet: [EMAIL PROTECTED]
TEL;TYPE=work,voice,msg,pref: +1(805)497-5045
TEL;TYPE=work,fax: +1(805)497-5050
TEL;TYPE=cell,voice,msg: +1(805)377-6762
END: vcard
