[squid-users] Squid with more than 128 ports?

Thu Dec 10 18:39:22 UTC 2020

Hey Anthony,

Giving this a second thought, I believe I didn't explain myself correctly.

I have 5 Squid servers, each listening on 80 ports, I would like to add
another
Squid server in the middle of the client and these servers to
authenticate users
before sending them to their ports. I already have ACL controls and auth
control tools
which I wrote and are working fine.

My question is regarding how to configure this, I have found this
configuration online
but I am not sure how it will work performance-wise with 500+ proxies
(could be 1000s in
the future):

http_port 3128 name=port_3128
> http_port 3127 name=port_3127
> nonhierarchical_direct off
> acl port_3128_acl myportname port_3128
> acl port_3127_acl myportname port_3127
> always_direct deny port_3128_acl
> always_direct deny port_3127_acl
> never_direct allow port_3128_acl
> never_direct allow port_3127_acl
> # 3128
> cache_peer proxy1 parent 3128 0 proxy-only default name=proxy3128
> cache_peer_access proxy3128 allow port_3128_acl
> cache_peer_access proxy3128 deny all
> # 3127
> cache_peer proxy2 parent 3128 0 proxy-only default name=proxy3127
> cache_peer_access proxy3127 allow port_3127_acl
> cache_peer_access proxy3127 deny all

Combine these 2000+ lines in squid.conf with 2 external ACLs and a custom
authenticator,
can this cause a hit on performance or should it be no problem for squid to
handle?

On Thu, Dec 10, 2020 at 2:29 PM Antony Stone <
Antony.Stone at squid.open.source.it> wrote:

> On Thursday 10 December 2020 at 13:02:19, roee klinger wrote:
>
> > Hello,
> >
> > We have a few Squid proxy servers with a total of around 400 ports
>
> What do you mean by that?  What are you using 400 ports for?
>
> > We have decided that we want to add a cloud instance in the middle of the
> > connections, that will authenticate users and only then send them to the
> > squid instance.
>
> What authentication method / protocol do you want to use?
>
> > Is it a smart idea to use Squid for this use case or just use a different
> > proxy software that doesn't have this limitation?
>
> I think the best starting point is to ask what sort of authentication you
> want
> to perform (ie: what is the authoritative system which holds the
> information
> about who can authenticate and who cannot), then you can decide on the
> best
> software to use to do that in front of Squid.
>
>
> Antony.
>
> --
> Under UK law, no VAT is charged on biscuits and cakes - they are "zero
> rated".
> Chocolate covered biscuits, however, are classed as "luxury items" and are
> subject to VAT.  McVitie's classed its Jaffa Cakes as cakes, but in 1991
> this
> was challenged by Her Majesty's Customs and Excise in court.
>
> The question which had to be answered was what criteria should be used to
> class something as a cake or a biscuit.  McVitie's defended the
> classification
> of Jaffa Cakes as a cake by arguing that cakes go hard when stale, whereas
> biscuits go soft.  It was demonstrated that Jaffa Cakes become hard when
> stale
> and McVitie's won the case.
>
>                                                    Please reply to the
> list;
>                                                          please *don't* CC
> me.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20201210/f5776ec6/attachment-0001.htm>