RE: [squid-users] Can Microsoft Proxy be the Parent http server on port 80 - Attached sample of my code

From: <jonathan_hughes@dont-contact.us>
Date: Tue, 25 Nov 2003 07:34:15 -0200

Doron,

No problem, here is a sample of my settings in my squid.conf file:

---------------------- START CODE SNIPPET ----------------------

http_port 3128 8080

icp_port 0 ##disabled - dont think MS Proxy supports this ???

cache_peer zaproxy.goodyear.co.za parent 80 3130 proxy-only
login=MyNT_Logon_ID:MyNT_Logon_Pass connect-timeout=15

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

hierarchy_stoplist cgi-bin ?

cache_dir ufs /var/spool/squid 100 16 256

ftp_user Squid@goodyear.co.za

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

acl mynetworks src 160.122.0.0/255.255.0.0
http_access allow mynetworks
icp_access allow mynetworks
http_access allow localhost
http_access deny all

http_reply_access allow all
icp_access allow all

cache_mgr root
cache_effective_user squid
cache_effective_group squid

... etc ...

---------------------- END CODE SNIPPET ----------------------

I think that covers all the primary settings. I have changed only the proxy
parent 'upstream', have added custom acl as seen above and have added port
8080 as an additional port Squid will serve its cache to clients on. My
aceess control seems fine as I do not get the denied message I used to get.

If I logon to windows NT with a username and password that is approved for
internet access then the existing MS proxy allows seamless web browsing -
otherwise the user needs to enter this authentication information to browse
the web (so users who do not have approved access cannot browse the web).

Any help appreciated, thanks,

                                                                           
                          Jonathan Hughes
                                                                           
                          Tech Support Specialist
                                                                           
                          Goodyear South Africa
                                                                           

                                                                                                                                  
                      "Doron
                      Shmaryahu" To: <jonathan_hughes@goodyear.co.za>, <squid-users@squid-cache.org>
                      <doron@crc.co.za cc:
> Subject: RE: [squid-users] Can Microsoft Proxy be the Parent http server on port
                                               80
                      2003/11/25 06:37
                      AM
                                                                                                                                  

Hi,

When you say you are having trouble what exacly does it not do. Also could
you post you portion of your squid.conf file.

Thanks

-----Original Message-----
From: jonathan_hughes@goodyear.co.za
[mailto:jonathan_hughes@goodyear.co.za]

Sent: 25 November 2003 10:07 AM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Can Microsoft Proxy be the Parent http server on
port 80

Hi List,

I need to install Squid server with the intention of using it to replace
Microsoft Proxy Server and ISA Proxy Server.

I have the basic daemon squid.conf and access control lists working (or so
it appears - squid -k parse generates no errors).

However I am having trouble configuring the parent or root Proxy server as
my squid install's parent.

If I can prove Squid works by placing it downstream from the existing proxy
server on our LAN and using the existing MS proxy as the Web content
supplier to the Squid cache (The MS proxy server is called 'upstream
server') then we maymigrate to Squid for our entire org.

I am running: Squid2.5 Stable1
Server OS: Red Hat Linux 9.0
MS Parent Proxy: msproxy.goodyear.co.za Squid Server: cache.goodyear.co.za

Any suggestions, or simple pointers will be appreciated. I have refrence
material and full printouts of config files etc.

Thanks in advance and keep well,

                          Jonathan Hughes

                          Tech Support Specialist

                          Goodyear South Africa

 P +27 41 9946 247 F +27 41 9946 243 E jonathan_hughes@goodyear.co.za

 H A M

 O X A

 N : I

 E L

 : :

|--------------------------------------------------------------------------|

|The information in this e-mail contains confidential and / or proprietary
|
|information and is intended solely for the addressee. Access to this
|
|e-mail by anyone else is unauthorised and may not be copied or
|
|disseminated without the express consent of The Goodyear Tire & Rubber
|
|Company or one of its subsidiaries. If you are not the intended recipient,
|
|any disclosure, copying, distribution or any action taken or omitted in
|
|reliance on this, is prohibited and may be unlawful. Whilst all
reasonable|
|steps are taken to ensure the accuracy and integrity of information and
|
|data transmitted electronically and to preserve the confidentiality
|
|thereof, no liability or responsibility whatsoever is accepted if
|
|information or data is, for whatever reason, corrupted or does not reach
|
|its intended destination.
|
|--------------------------------------------------------------------------|
Received on Tue Nov 25 2003 - 02:46:10 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:35 MST