the child forwards all queries to the parent after running it through it's own redirector (and applying other acl policies).
The objective is to be able to run both squidguard and adzapper, each with opt-out groups for sets of proxy_auth users that are orthogonal.
I'm guessing, at present, that the way to go is to set the squidguard redirector and the majority of the other acl policies (delay pools, restrictions on large or 'installable' content by extension, mimetype, etc) on the child server, and have it propagate the user name information back to the parent using the login=*:password option, and have the parent server run adzapper for everyone not in the opt out group.
My guess is that the parent will need an external authenticator that will validate any user if the correct password is
supplied, but will only allow access to the child proxy(s). Does that sound right? Are there any standard authenticators that come with squid for this task?
Thanks, John
