Basic chaining

In this case, Squid forwards requests to the cloud proxy but performs no authentication. End users can be authenticated using manual authentication only: prompting users for a user name and password the first time they access the Internet through a browser.

Configure Squid to forward requests to the cloud proxy as follows:
  1. Define one or more ACLs to identify sites that should be not be filtered through Forcepoint Web Security Cloud. These must include certain service-specific sites, and should include any other sites that are not normally handled through the cloud service. You can identify these sites by examining the service-generated PAC file available at http://pac.webdefence.global.blackspider.com:8082/proxy.pac.
    You should also configure direct access to the cloud portal to allow the following:
    • Correct display of block pages
    • End-user self-registration

    The roaming user home page, if used, should also be configured as an ACL.

    The following sites must be included in the ACLs:
    acl WBSN dstdomain .mailcontrol.com
acl WBSN dstdomain www.blackspider.com
acl WBSN dstdomain webdefence.global.blackspider.com
always_direct allow WBSN
  2. Force all other sites to use the cloud proxy as follows:
    never_direct allow all
  3. Tell Squid the location of the upstream cloud proxy:
    cache_peer webdefence.global.blackspider.com parent 8081 0
no-query default no-digest