[squid-users] squid 3 as accelerator & backside digest auth

From: Mark Foster <mark@dont-contact.us>
Date: Wed, 11 Jan 2006 08:47:31 -0800

I got squid-3.0-PRE3-20060110 compiled OK. The intention I have is to
replace squid-2.5.STABLE3 to accelerate a backend .NET server.
There is a requirement to support digest authentication through to the
.NET server and 2.5 does not seem to support it - I think because the
backend request is using HTTP/1.0.

I had hoped 3.0 would support HTTP/1.1 and digest auth based on the
release notes, however there are some squid.conf directives which do not
seem valid in 3.0 even though they are in 2.5:
2006/01/11 11:40:34.659| parseConfigFile: 'squid.conf' line 48 unrecognized: 'httpd_accel_host virtual'
2006/01/11 11:40:34.659| parseConfigFile: 'squid.conf' line 49 unrecognized: 'httpd_accel_port 0'
2006/01/11 11:40:34.659| parseConfigFile: 'squid.conf' line 50 unrecognized: 'httpd_accel_single_host off'
2006/01/11 11:40:34.659| parseConfigFile: 'squid.conf' line 51 unrecognized: 'httpd_accel_with_proxy off'
2006/01/11 11:40:34.659| parseConfigFile: 'squid.conf' line 52 unrecognized: 'httpd_accel_single_host off'
2006/01/11 11:40:34.659| parseConfigFile: 'squid.conf' line 53 unrecognized: 'httpd_accel_uses_host_header on'

So to cut to the chase, my question is... can 3.0 be used as an
accelerator supporting digest auth on the backside? Or alternatively,
could this be supported in 2.5 if correctly configured?

Here is my squid.conf.
http_port 80
cache_effective_user squid
cache_effective_group squid
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
cache_swap_low 80
cache_swap_high 90
cache_dir ufs /usr/local/squid/cache 256 16 256
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /usr/local/squid/var/logs/access.log combined
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log none
debug_options ALL,3
redirect_program /usr/local/squid/bin/redirect.pl
redirect_children 5
redirect_rewrites_host_header off
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
http_reply_access allow all
coredump_dir /usr/local/squid/var/cache
httpd_accel_host virtual
httpd_accel_port 0
httpd_accel_single_host off
httpd_accel_with_proxy off
httpd_accel_single_host off
httpd_accel_uses_host_header on

-- 
Some days it's just not worth chewing through the restraints...
Mark D. Foster, CISSP <mark@foster.cc>  http://mark.foster.cc/
Received on Wed Jan 11 2006 - 09:48:23 MST
