[replying on-list to an off-list reply, with the senders's permission] On Sun, Mar 9, 2008 at 4:27 PM, Ben Scott <[EMAIL PROTECTED]> wrote: > I've done practically this exact same scenario before. It was > trivial with Squid ...
On Sun, Mar 9, 2008 at 8:35 PM, Jesse Rink <[EMAIL PROTECTED]> wrote: > If I were to use this software, which OS would you recommend it be run on? I'd suggest running it on whatever is most appropriate for your environment. If you've got no *nix experience, Squid can run on a Windows server. If you've got a shortage of Windows server licenses or sufficient hardware, Linux runs good on older hardware, and maybe the learning curve is easier to handle than a license purchase. > Using this scenario, would my PCs on the LAN change their IE proxy settings > from the internet web filter fqdn address to the address of the squid box? That would be one way. I recommend using a generic name like "proxy", and then creating a CNAME (DNS alias) in your LAN's DNS zone that resolves to whatever the appropriate proxy server is. That way you can switch between the ISP filter and the Squid box as needed. On our LAN, the bare name "proxy" gets defaulted to something like "proxy.inside.example.com", which in term resolves to something like "foo.inside.example.com". If I wanted to go back to using just the ISP's filter, I could change that to resolve to "filter.example.net" instead. > And if so, will I be able to tell the squid box, "Go to this internet web > filter address" for all web content? Yup, that's what that config file except I posted was about. Basically: The "cache_peer" directive defines your ISP's proxy server. The "always_direct" and "never_direct" directives control Squid how routes web requests. Basically, a "direct" request is one that bypasses other caches/proxies. So you can do things like tell Squid that a certain web site should always be contacted directly (bypassing the ISP cache), or that your LAN clients should never be allowed to make direct requests. > I perused the config file, but it's all greek to me right now. > > Is any of squid GUI/menu based? Not Squid itself. Squid is controlled by a plain-text config file. There are some advantages to that -- it's easily revision controlled, and comments can be added for documentation. It does make things a bit daunting at first, though. I can share relevant parts of our config file, if you like. There are some GUI front-ends for Squid configuration. Webmin has Squid support.. (Webmin is a free, web-based system management GUI for *nix; see http://www.webmin.com/). There's at least one native MS-Windows Squid config tool (http://www.krakenreports.com/index.php?subPage=krakenConfig), but it's payware and I've never tried it. Certainly, if you're looking for something that's very GUI, Squid is probably the wrong choice for you. -- Ben ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
