akhran wrote:
According to the documentation, one of setup is to use the squid sandwich.
1) Am I right to say that all traffic besides https are configured to use SQUID1 while https traffic is configured to use SQUID2 in the IE proxy settings?
2) All traffic pointing to SQUID1 will be scanned while traffic via SQUID2 will not be scanned?
It depends entirely on what is configured on SQUID1. You can use ACLs to bypass havp on whatever conditions you want (no HTTPS, ip, url, day of time etc.). The point is that you use SQUID1 for everything. It is the central point where clients connect.
Quote:
3)If I do not have SQUID1 but I have several HAVP and a SQUID2, can all the HAVPs be pointing SQUID2 as the parent proxy?
Ofcourse, it doesn't matter who and how many connect to SQUID2. All it does is accept clients (in this case, HAVPs) and do proxying.
Quote:
4) Would appreciate if you could elaborate on HAVP round robin (related to 3?) and the configurations required.
At simplest, you have cache_peer config for every havp address, and use round-robin option. I haven't tested if it's enough to have one cache_peer line with DNS address pointing to many HAVP IPs.
You should check Squid documentation for rest, all the information is there..
Cheers,
Henrik