Hey Anthony, Giving this a second thought, I believe I didn't explain myself correctly.
I have 5 Squid servers, each listening on 80 ports, I would like to add another Squid server in the middle of the client and these servers to authenticate users before sending them to their ports. I already have ACL controls and auth control tools which I wrote and are working fine. My question is regarding how to configure this, I have found this configuration online but I am not sure how it will work performance-wise with 500+ proxies (could be 1000s in the future): http_port 3128 name=port_3128 > http_port 3127 name=port_3127 > nonhierarchical_direct off > acl port_3128_acl myportname port_3128 > acl port_3127_acl myportname port_3127 > always_direct deny port_3128_acl > always_direct deny port_3127_acl > never_direct allow port_3128_acl > never_direct allow port_3127_acl > # 3128 > cache_peer proxy1 parent 3128 0 proxy-only default name=proxy3128 > cache_peer_access proxy3128 allow port_3128_acl > cache_peer_access proxy3128 deny all > # 3127 > cache_peer proxy2 parent 3128 0 proxy-only default name=proxy3127 > cache_peer_access proxy3127 allow port_3127_acl > cache_peer_access proxy3127 deny all Combine these 2000+ lines in squid.conf with 2 external ACLs and a custom authenticator, can this cause a hit on performance or should it be no problem for squid to handle? On Thu, Dec 10, 2020 at 2:29 PM Antony Stone < antony.st...@squid.open.source.it> wrote: > On Thursday 10 December 2020 at 13:02:19, roee klinger wrote: > > > Hello, > > > > We have a few Squid proxy servers with a total of around 400 ports > > What do you mean by that? What are you using 400 ports for? > > > We have decided that we want to add a cloud instance in the middle of the > > connections, that will authenticate users and only then send them to the > > squid instance. > > What authentication method / protocol do you want to use? > > > Is it a smart idea to use Squid for this use case or just use a different > > proxy software that doesn't have this limitation? > > I think the best starting point is to ask what sort of authentication you > want > to perform (ie: what is the authoritative system which holds the > information > about who can authenticate and who cannot), then you can decide on the > best > software to use to do that in front of Squid. > > > Antony. > > -- > Under UK law, no VAT is charged on biscuits and cakes - they are "zero > rated". > Chocolate covered biscuits, however, are classed as "luxury items" and are > subject to VAT. McVitie's classed its Jaffa Cakes as cakes, but in 1991 > this > was challenged by Her Majesty's Customs and Excise in court. > > The question which had to be answered was what criteria should be used to > class something as a cake or a biscuit. McVitie's defended the > classification > of Jaffa Cakes as a cake by arguing that cakes go hard when stale, whereas > biscuits go soft. It was demonstrated that Jaffa Cakes become hard when > stale > and McVitie's won the case. > > Please reply to the > list; > please *don't* CC > me. > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
