[squid-users] How to do password forwarding w/cache_peer's login=PASS?

From: Eric W. Wallace <ewwallace@dont-contact.us>
Date: Wed, 22 Jan 2003 12:53:41 -0800 (PST)

I've looked at this before (during the v2.3/2.4 era) and now I'm convinced it's
possible, I just need to figure out the right way to do it...

Here's the situation:
* corporate network with only one way out, thru the firewall/parent cache
* Squid proxy must authenticate all requests with LDAP, log, [cache] and
fulfill the requests
* Squid proxy must forward the login/password info intact only for a certain
list of 40+ internal web servers which also require LDAP authentication

What I think I need:
* 'never_direct allow all' to force proxy to handle requests
* 'acl all proxy_auth REQUIRED' to force authentication on everything
* 'cache_peer firewall.my.net parent 80 7 default' for the non-ICP parent
cache/firewall

Now comes the confusing part...
* Do I need to specify each internal web server with a 'cache_peer ...
login=PASS' line individually?
* How do I tell Squid to use only that webserver (cache_peer) for that
destination? Does each webserver need it's own cache_peer_domain or
cache_peer_access line? ...And how?

TIA, ~eric
Received on Wed Jan 22 2003 - 13:53:45 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:47 MST