I'm running squid 2.6.11 on FreeBSD with a parent cache that requires
authentication in order to access any web sites.
It's been suggested to us by the department that runs the upstream cache that
we can make some sites accessible without the client having to authenticate
by getting our local squid to supply the username & password to the upstream
cache for those sites. (As a workaround for programs that don't have proxy
authentication built into them for instance).
This uses the cache_peer login= syntax. Unfortunately, the configuration they
sent me doesn't work - I get the following error:"FATAL: ERROR: cache_peer
xxx.xxx.xxx.xxx specified twice".
Here is the relavent section of squid.conf (IP address, username & password
have been removed!)
#Define acl for all source addresses
acl rest src 0.0.0.0/0.0.0.0
#
#Define acl for proxy bypass addresses (squid does authentication for these)
acl safe dstdomain "/usr/local/etc/squid/safe.conf"
#Supply username & password for sites defined in safe.conf
cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query
login=username:password
cache_peer_access xxx.xxx.xxx.xxx allow safe
cache_peer_access xxx.xxx.xxx.xxx deny rest
#Require authentication for all other sites
cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=PASS
cache_peer_access xxx.xxx.xxx.xxx deny safe
cache_peer_access xxx.xxx.xxx.xxx allow rest
Can anyone suggest a way to implement this that gets around the duplicate
cache_peer problem?
Cheers,
-- Ian gpg key: http://home.swiftdsl.com.au/~imoore/no-spam.asc
This archive was generated by hypermail pre-2.1.9 : Tue May 01 2007 - 12:00:01 MDT