>>-----Ursprüngliche Nachricht-----
>>Von: Tom Lobato [mailto:[EMAIL PROTECTED]
>>Gesendet: Dienstag, 16. Januar 2007 00:59
>>An: [email protected]
>>Betreff: [squid-users] Distribued ACL|
>>
>> Hello!
>>
>> My scenario: 1 organization headquarter, with linux+squid and ~90
>>offices,
>
>
>hi,
>
>we work in a similar scenario. at about 150 subsidiaries. our
>squids are running
>on linux-servers, but it should make not much difference.
>
>we use a squid hierachy like:
>
> user-squid in subsidiary +-> squid main internet -> FW ->
>squid dmz -> internet
> +-> squid main intranet -> intranet
> +-> squid main extranet -> extranet
>
>all user-squids are using "lokal" acls files. there are acls
>which choose the right main squid (internet, intranet, extranet).
>also some acls which deny or allow internet etc.
>
>we manage all acl on a central server. as soon we're making
>changes we have a "copy"-script that uses rcp/scp to
>distribute all acls to the user-squids and do a "reconfigure".
>this is a quite "flexible" setup. worked for many years now.
>we also can implemt some "main"-acls, eg. to block banner or
>other "bad" sites...
>
>markus
>
