Re: [squid-users] Use of cache_peer login=username:password

From: Chris Robertson <crobertson@dont-contact.us>
Date: Thu, 12 Apr 2007 10:05:10 -0800

Ian wrote:
> I'm running squid 2.6.11 on FreeBSD with a parent cache that requires
> authentication in order to access any web sites.
> It's been suggested to us by the department that runs the upstream cache that
> we can make some sites accessible without the client having to authenticate
> by getting our local squid to supply the username & password to the upstream
> cache for those sites. (As a workaround for programs that don't have proxy
> authentication built into them for instance).
> This uses the cache_peer login= syntax. Unfortunately, the configuration they
> sent me doesn't work - I get the following error: "FATAL: ERROR: cache_peer
> xxx.xxx.xxx.xxx specified twice".
>

Seems pretty clear to me. You have the same cache peer listed twice.
You need to differentiate them somehow. Squid 2.6 has a "name="
directive for cache_peers, which might work...

> Here is the relevant section of squid.conf (IP address, username & password
> have been removed!)
>
> #Define acl for all source addresses
> acl rest src 0.0.0.0/0.0.0.0
> #
> #Define acl for proxy bypass addresses (squid does authentication for these)
> acl safe dstdomain "/usr/local/etc/squid/safe.conf"
> #Supply username & password for sites defined in safe.conf
> cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=username:password
>
cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=username:password name=noauth
> cache_peer_access xxx.xxx.xxx.xxx allow safe
> cache_peer_access xxx.xxx.xxx.xxx deny rest
> #Require authentication for all other sites
> cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=PASS
>
cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=PASS name=auth
> cache_peer_access xxx.xxx.xxx.xxx deny safe
> cache_peer_access xxx.xxx.xxx.xxx allow rest
>
> Can anyone suggest a way to implement this that gets around the duplicate
> cache_peer problem?
>
> Cheers,
>

If that doesn't work, give the two proxies different DNS A records
(authproxy.example.com and noauthproxy.example.com for example) or host
file entries and use the different names.

Chris
Received on Thu Apr 12 2007 - 12:05:25 MDT
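
The duplicate-peer error and the name= approach discussed in this thread can be checked offline before restarting Squid. The following is an added example, not code from the thread or from Squid; it assumes a peer is identified by its name= option (defaulting to the hostname) and that cache_peer_access refers to peers by that identifier. The function name and sample strings are constructed for illustration.

```python
# Added example, not from the thread: lint cache_peer lines in squid.conf text.
# Assumption: a peer's identifier is name= (default: its hostname).
def lint_cache_peers(conf_text):
    """Return sorted (line_number, message) findings; never echoes passwords."""
    findings, peers, access = [], {}, []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0] == "cache_peer" and len(tokens) > 1:
            opts = tokens[2:]
            names = [o[len("name="):] for o in opts if o.startswith("name=")]
            ident = names[-1] if names else tokens[1]
            if ident in peers:
                findings.append((lineno, "cache_peer %s specified twice "
                                 "(first on line %d)" % (ident, peers[ident])))
            else:
                peers[ident] = lineno
            # login=user:password puts a cleartext secret in the config file.
            if any(o.startswith("login=") and ":" in o for o in opts):
                findings.append((lineno, "peer %s embeds credentials; "
                                 "restrict read access to squid.conf" % ident))
        elif tokens[0] == "cache_peer_access" and len(tokens) > 1:
            access.append((lineno, tokens[1]))
    findings += [(n, "cache_peer_access refers to unknown peer %s" % i)
                 for n, i in access if i not in peers]
    return sorted(findings)

# Constructed samples based on the configuration quoted in the thread.
PEER = "cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query "
ORIGINAL = "\n".join([
    PEER + "login=username:password",
    "cache_peer_access xxx.xxx.xxx.xxx allow safe",
    "cache_peer_access xxx.xxx.xxx.xxx deny rest",
    PEER + "login=PASS",
    "cache_peer_access xxx.xxx.xxx.xxx deny safe",
    "cache_peer_access xxx.xxx.xxx.xxx allow rest",
])
NAMED = "\n".join([
    PEER + "login=username:password name=noauth",
    "cache_peer_access noauth allow safe",
    "cache_peer_access noauth deny rest",
    PEER + "login=PASS name=auth",
    "cache_peer_access auth deny safe",
    "cache_peer_access auth allow rest",
])
if __name__ == "__main__":
    print(lint_cache_peers(ORIGINAL), lint_cache_peers(NAMED), sep="\n")
```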
