On 12/05/2013 12:57 p.m., Thorough wrote:
Hi guys
We need to use two internet access method on an one Linux server with Squid
installed, the methods are NTLM authentication and open proxy (without
auth)..
"open proxy" is a well known term in security and the web. Please avoid
re-defining it for your own purposes.
What you are describing is simply a proxy without authentication. Worlds
of difference from an "open proxy".
Can be that provided by one Linux server with Squid installed?
Something like this:
IP 10.10.1.100:3128 - NTLM authentication required
IP 10.10.2.100:3128 - Open Proxy
Yes. Use a myportname ACL to match one of the ports and insert it into
your access control lines as appropriate to separate which traffic flows
are authenticated.
What about multiple squid instances and two separate squid.conf
http://wiki.squid-cache.org/MultipleInstances - one with NTLM auth
configured and second configured as open proxy, is it good way? Does someone
have experience with that?
If one Squid instance can do it, there is no reason to think two
separate instances cannot.
Either way the difference is just in how you configure the ACLs.
Multi-Instance just adds lots of coordination trouble in top.
Amos
