RE: remote proxy questions

Thank you for responding!

The never_direct allow all does not allow me to access parent cache -
ERROR Cache Access Denied.

I need the fifty remote users to access the new remote linux box with
password NCSA authentication. The requests need to check the cache,
then be forwarded to the main linux box (which has access to the
internet). There are about 600 users who log into the main linux box
with NCSA password authentication.

The list of acl's is listed for the new linux box - it works, but I
don't know that it's correct or how it is even working. I don't know
why or if I even should be using the url_regex acl for the main_squid
(I'm thinking I should use a src type instead of url_regex).

cache_peer xx.xx.x.xxx parent 3128 3130
acl FTP proto FTP
acl main_squid url_regex ^http://xx.xx.xx.xxx
acl new_squid src xx.xx.xx.xx
acl password proxyu_auth REQUIREd
http_access allow new_squid
always_direct allow main_squid
always_direct allow FTP
http_access allow password
http_access deny all

If I don't use icp, then squid will not query cahces - is my thinking
correct? Or, does squid query caches regardless if icp is specified and
icp is just a good/better protocol to use when querying caches?

fatemi wrote:
>
> Hi,
>
> >Hi,
> >
> >I've read so many archives, the Squid User Guide (which is great) and
> >the faqs.
> >
> >I have setup a new linux system running Squid 2.3.STABLE3. I would like
> >requests to first check the new squid server's cache and then if the
> >object is not found, be forwared to our main squid system located in the
> >same network. Once the request reaches the main server it needs to check
> >the main squid's cache and then go direct to origin server.
> >
> >new_squid -> main_squid -> origin server
> >
> >(1.) I've modified the squid.conf file and all is working. I don't
> >know if the lines in the conf file are exactly what I need. I'm
> >unsure....
> >
> >cache_peer xx.xx.x.xxx parent 3128 3130
> >acl FTP proto FTP
> >acl main_squid url_regex ^http://10.10.1.100
> >acl new_squid src xx.xx.x.xxx
> >acl password proxy_auth REQUIRED
> >http_access allow new_squid
> >always_direct allow main_squid
> >always_direct allow FTP
>
> replace the above two lines with:
> never_direct allow all
> you may also add a no_query to the cache_peer tag,
> also be sure authentication is not required to access
> your old squid,you can check cache.log for this perpose.
>
> >http_access allow password
> >http_access deny all
> >
> >(2.) If I need to query the new squid cache and main squid (parent)
> >cache, then do I need to use icp?
>
> you can use icp (its better) but by setting no_query and icp port to '0'
> its possible not to use icp.
> >
> >icp_port 3130
> >cache_peer xx.xx.x.xxx parent 3128 3130
> >
> >The more I read, the more I'm confused. I'd like to keep things
> >simple. Thank you for any insight in the above questions.
> >
> >-pat
> >
> >
>
> Best Regards
>
> Mehrdad Fatemi
> R&D Director
>
> < AFRANET Co. ---------------------------- R&D Dept. >
Received on Thu Jul 27 2000 - 13:03:24 MDT