[squid-users] Centralized Squid - design and implementation

Marcus Kool marcus.kool at urlfilterdb.com
Mon Nov 17 02:04:59 UTC 2014


Let me start to say that I am biased since I am the author of ufdbGuard.
If you have worked with squidGuard than you will find that ufdbGuard is an excellent replacement since ufdbGuard was forked in 2005 from squidGuard and has since gained many features.
And I suggest to apply for a trial license of the URL database at www.URLfilterDB.com.  You will probably see that there is a difference with other URL databases.

Best regards

Marcus

On 11/16/2014 01:54 PM, alberto wrote:
> Hello everyone,
> first of all thanks to the community of squid for such a great job.
>
> I'm writing because I have to revise the current implementation of squid in my company so I would like to share with you some design ideas and possibly have some suggestions from you.
>
> The group I work for has six offices/branches in six different italian cities and the networking infrastructure is based on a "hub and spoke" paradgima (ie
> https://www.checkpoint.com/products/vpn-1_power/images/vpn -1_pro_oneclick_star.gif) where every branch, the spoke, is part of the main datacenter, the hub.
> Now the cache/forward proxy runs - for each branch - inside the branch office on a pair of squid nodes balanced by wpad/javascript on ip address base (even ip/odd ip).
>
> For obvious reasons of maintenance and for other technical reasons we intend to move the proxy navigation centralizing it to the datacenter hub on a couple (how many?!) of squid nodes.
>
> I have some questions that I would like to share with you:
>
> 1. I would like to leave the solution we are using now (wpad balancing). In a situation like the one I have described, centralized squid serving the spokes/branches, which is the best solution for
> clustering/HA? If one of the centralized nodes had to "die" I would like client machines not to remain "hanging" but to continue working on an active node without disruption. A hierarchy of proxy
> would be the solution?
>
> 2. Bearing in mind that all users will be AD authenticated, which url filtering/blacklist solution do you suggest?
> In the past I have worked a lot with squidguard and dansguardian but now they don't seem to be the state of the art anymore.
> I've been thinking about two different solutions:
>    2a. To use the native acl squid with the squidblacklist.org <http://squidblacklist.org> lists (http://www.squidblacklist.org/)
>    2b. To use urlfilterdb (http://www.urlfilterdb.com/products/overview.html)
>
> 3. Which GNU/Linux distro do you suggest me? I was thinking about Debian Jessie (just frozen) or CentOS7.
>
> Thank you to everyone for reading so far.
>
> Regards,
> a.
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>


More information about the squid-users mailing list