> 1. Can Squid redirect the Internet clients to the web server (inside
> the firewall) securely?
"Redirect" is not the right term. Clients do not connect directly to the
inside web server at all. Squid accepts the client connects, processes the
request, and re-issues the request on a separate connection to the inside web
server. The response from the inside web server is cached (or not) in squid's
swap space while it returns the response to the client, using the client's
connection. Subsequent requests, if the object is cached, are returned from
the cache without having to bother the inside web server. How and when squid
caches objects is fully configurable, or you can allow it to decide what is
cacheable based on the HTTP standards and the response headers.
> 2. Will Squid handle use of SSL or plain http successfully?
Yes, but be careful. You want to restrict what ports and IP addresses the
CONNECT method is allowed to use. SSL is simply tunnelled through squid.
> 3. Do we need to rewrite URLs?
Perhaps you do, perhaps you don't. It depends on your application. If you do
need to rewrite URLs, squid can use a redirector program that can do this
automatically without having to change your HTML code. You can write your own
redirector, or use one of several that other squid users have written.
> 4. Can Squid successfully tell the difference between dynamic pages
> (and so not cache them) and static pages? How? Do we need to do
> anything special to mark a page as cachable or not?
Yes, it can. This is all configurable with squid, and it comes with
reasonable defaults (cgi-bin or ? in a URL is considered not cacheable). URLs
are matched by regular expression in the cache-or-not-cache rules.
> Finally:
>
> 1. Does anyone have any other suggestions/ideas?
Join the squid-users mailing list. See http://squid.nlanr.net. Lots of
really knowledgeable squid gurus read and post to the list.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
