[squid-users] Re: squid-users Digest 5 Feb 2005 11:09:09 -0000 Issue 1829

From: thomas <thomas.xavier@dont-contact.us>
Date: Sun, 6 Feb 2005 11:59:53 +0530

Thanks Henrik Nordstrom
no-query and login=guest:guest123 option in cache_peer has solved muy
problem. Now Imy squid.conf is like this-
Proxy having IP address 20.20.20.1 has squid.conf has following option

#To authenticate with parent proxy 10.10.10.1
cache_peer 10.10.10.1 parent 8080 3130 login=guest:guest123

# use ncsa_auth for authentication
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5

# ACL description
acl all src 0.0.0.0/0.0.0.0
acl localnetwork src 20.20.20.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 8080
acl CONNECT method CONNECT
acl ncsa_users proxy_auth REQUIRED # authentication for all user required

# List of http_access
http_access allow localhost
http_access allow localnetwork
http_access allow ncsa_users
http_access allow Safe-ports
http_access allow password
http_access allow all

#OTHERS
http_reply_access allow all
icp_access allow all
http_port 8080
coredump_dir /var/spool/squid
https_port 8080

NOW I NEED HELP FOR FOLLOWING. TIA

Q1- I am able to browse internet from any of my PC on my netwok
(20.20.20.0/24). But users are not being asked for username & password
for authentication. What's wrong?
Q2- Is the sequence of http_access is correct? If any sequence cxhange
required, please suggest.
Q3- Is "http_access allow password" required at all? My friend says it
is on no use.

> > When I am trying to accesses a web page thry browser on the same
> > machine where squid is running, error being logged in access.log is
> > TIMEOUT_FIRST_UP_PARENT.
> > User are being authenticated successfully thru ncsa_auth.
>
> Are you inside a firewall, requiring you to use a parent to reach the
> internet? If so see the FAQ on how to use Squid within a firewalled
> network.
>
> In addition, does your parent support ICP? If not you need to use the
> no-query option.
> Henrik
Received on Sat Feb 05 2005 - 23:29:55 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:01 MST