Re: remote proxy questions

Your problem is that the parent proxy is asking for authentication, but not
recieving any from the child proxy.

on your parent line add
login=user:password
with a valid user and password.

ie
cache_peer xx.xx.x.xxx parent 3128 3130 login=cache2:somepassword

Rob
----- Original Message -----
From: "pat lendon" <plendon@microelectronics.com>
To: <squid-users@ircache.net>
Sent: Friday, July 28, 2000 5:00 AM
Subject: RE: remote proxy questions

> Thank you for responding!
>
> The never_direct allow all does not allow me to access parent cache -
> ERROR Cache Access Denied.
>
> I need the fifty remote users to access the new remote linux box with
> password NCSA authentication. The requests need to check the cache,
> then be forwarded to the main linux box (which has access to the
> internet). There are about 600 users who log into the main linux box
> with NCSA password authentication.
>
> The list of acl's is listed for the new linux box - it works, but I
> don't know that it's correct or how it is even working. I don't know
> why or if I even should be using the url_regex acl for the main_squid
> (I'm thinking I should use a src type instead of url_regex).
>
> cache_peer xx.xx.x.xxx parent 3128 3130
> acl FTP proto FTP
> acl main_squid url_regex ^http://xx.xx.xx.xxx
> acl new_squid src xx.xx.xx.xx
> acl password proxyu_auth REQUIREd
> http_access allow new_squid
> always_direct allow main_squid
> always_direct allow FTP
> http_access allow password
> http_access deny all
>
> If I don't use icp, then squid will not query cahces - is my thinking
> correct? Or, does squid query caches regardless if icp is specified and
> icp is just a good/better protocol to use when querying caches?
>
> fatemi wrote:
> >
> > Hi,
> >
> > >Hi,
> > >
> > >I've read so many archives, the Squid User Guide (which is great) and
> > >the faqs.
> > >
> > >I have setup a new linux system running Squid 2.3.STABLE3. I would
like
> > >requests to first check the new squid server's cache and then if the
> > >object is not found, be forwared to our main squid system located in
the
> > >same network. Once the request reaches the main server it needs to
check
> > >the main squid's cache and then go direct to origin server.
> > >
> > >new_squid -> main_squid -> origin server
> > >
> > >(1.) I've modified the squid.conf file and all is working. I don't
> > >know if the lines in the conf file are exactly what I need. I'm
> > >unsure....
> > >
> > >cache_peer xx.xx.x.xxx parent 3128 3130
> > >acl FTP proto FTP
> > >acl main_squid url_regex ^http://10.10.1.100
> > >acl new_squid src xx.xx.x.xxx
> > >acl password proxy_auth REQUIRED
> > >http_access allow new_squid
> > >always_direct allow main_squid
> > >always_direct allow FTP
> >
> > replace the above two lines with:
> > never_direct allow all
> > you may also add a no_query to the cache_peer tag,
> > also be sure authentication is not required to access
> > your old squid,you can check cache.log for this perpose.
> >
> > >http_access allow password
> > >http_access deny all
> > >
> > >(2.) If I need to query the new squid cache and main squid (parent)
> > >cache, then do I need to use icp?
> >
> > you can use icp (its better) but by setting no_query and icp port to '0'
> > its possible not to use icp.
> > >
> > >icp_port 3130
> > >cache_peer xx.xx.x.xxx parent 3128 3130
> > >
> > >The more I read, the more I'm confused. I'd like to keep things
> > >simple. Thank you for any insight in the above questions.
> > >
> > >-pat
> > >
> > >
> >
> > Best Regards
> >
> > Mehrdad Fatemi
> > R&D Director
> >
> > < AFRANET Co. ---------------------------- R&D Dept. >
>
>
Received on Thu Jul 27 2000 - 15:59:09 MDT