Re: [squid-users] cache_peer - multiple ones

From: Gareth Edmondson <gje@dont-contact.us>
Date: Wed, 02 May 2007 21:03:29 +0100

Henrik Nordstrom wrote:
> Tue 2007-05-01 at 23:41 +0100, Gareth Edmondson wrote:
>
>
>> Thanks for the advice here. I read about this name= option earlier in
>> the archives - but I got the impression from previous posters that it
>> was in version 3 of squid and not the stable version that ships with
>> Debian Etch. The stable version is 2.6.5-6.
>>
>
> It's in 2.6 and later.
>
>
>> cache_peer_access sslproxy allow CONNECT
>> cache_peer_access sslproxy deny all
>> cache_peer_access <original upstream name> deny CONNECT
>> cache_peer_access <original upstream name> allow all
>>
>> I'm not sure they are in the right order.
>>
>
> Looks fine.
>
> Order of cache_peer_access is important, but only per peer. The order of
> the peers is not important.
>
>
>>>> Everything seems to be working. However when we try and connect to the
>>>> 443 website it challenges us again for the AD username and password.
>>>> Upon entering this the browser challenges us again and again and again -
>>>> simply not letting us through.
>>>>
>
> One more thing, have you added trust between Squid and the peer for
> forwarding of proxy authentication? See the login option to cache_peer.
>
> Regards
> Henrik
>
>
Here is an extract of my access.log file - what is the difference
between a HIT and a MISS in this scenario?

1178111113.463 0 127.0.0.1 TCP_HIT/200 506 GET http://communities.rm.com/forums/skins/communities/images/message_gradient_header.gif - NONE/- image/gif
1178111113.515 53 127.0.0.1 TCP_MISS/404 1952 GET http://communities.rm.com/favicon.ico - DEFAULT_PARENT/webcluster.education.swansea.sch.uk text/html
1178111115.152 111 127.0.0.1 TCP_MISS/302 1302 GET http://communities.rm.com/forums/member/default.aspx - DEFAULT_PARENT/webcluster.education.swansea.sch.uk text/html
1178111115.198 3 127.0.0.1 TCP_MISS/000 3112 CONNECT communities.rm.com:443 - DEFAULT_PARENT/proxyssl -
1178111118.229 3 127.0.0.1 TCP_MISS/000 3112 CONNECT communities.rm.com:443 - DEFAULT_PARENT/proxyssl -
1178111121.481 3 127.0.0.1 TCP_MISS/000 3112 CONNECT communities.rm.com:443 - DEFAULT_PARENT/proxyssl -

You can see clearly where I have attempted to access a 443 website - yet
it still asks me to authenticate against the AD with my username and
password. The problem must lie with my authentication modules.

GJE
Received on Wed May 02 2007 - 14:03:42 MDT
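
An added example, not part of the original message or of Squid: a small parser for the native access.log format quoted above that checks whether forwarded requests follow the cache_peer_access split discussed in the thread (CONNECT to the SSL peer, everything else to the other parent) and counts CONNECT attempts per destination. The function names are hypothetical, the peer name `proxyssl` is taken from the log extract, and the last sample entry is constructed.

```python
import re
from collections import Counter

# Squid native access.log fields, in order: time elapsed client result/status
# bytes method URL ident hierarchy/peer content-type
LINE = re.compile(
    r"(?<!\S)(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)"
)
SSL_PEER = "proxyssl"  # assumption: the peer name as it is logged above

def parse(text):
    """Parse entries; whitespace matching between fields absorbs mail line wraps."""
    return [m.groupdict() for m in LINE.finditer(text)]

def routing_violations(entries):
    """Forwarded requests that break the rule 'CONNECT goes to SSL_PEER only'."""
    return [e for e in entries
            if e["peer"] != "-"  # "-" means answered locally, e.g. TCP_HIT
            and (e["method"] == "CONNECT") != (e["peer"] == SSL_PEER)]

def connect_attempts(entries):
    """Number of CONNECT requests seen per destination host:port."""
    return Counter(e["url"] for e in entries if e["method"] == "CONNECT")

# Entries copied from the message above; the first is left wrapped as mailed.
PAGE_ENTRIES = """\
1178111113.463 0 127.0.0.1 TCP_HIT/200 506 GET
http://communities.rm.com/forums/skins/communities/images/message_gradient_header.gif
- NONE/- image/gif
1178111115.152 111 127.0.0.1 TCP_MISS/302 1302 GET http://communities.rm.com/forums/member/default.aspx - DEFAULT_PARENT/webcluster.education.swansea.sch.uk text/html
1178111115.198 3 127.0.0.1 TCP_MISS/000 3112 CONNECT communities.rm.com:443 - DEFAULT_PARENT/proxyssl -
1178111118.229 3 127.0.0.1 TCP_MISS/000 3112 CONNECT communities.rm.com:443 - DEFAULT_PARENT/proxyssl -
1178111121.481 3 127.0.0.1 TCP_MISS/000 3112 CONNECT communities.rm.com:443 - DEFAULT_PARENT/proxyssl -
"""
# Constructed entry (not from the message): a CONNECT sent to the other parent.
CONSTRUCTED = ("1178111125.000 3 127.0.0.1 TCP_MISS/000 3112 CONNECT "
               "example.org:443 - DEFAULT_PARENT/webcluster.education.swansea.sch.uk -\n")

if __name__ == "__main__":
    entries = parse(PAGE_ENTRIES + CONSTRUCTED)
    for e in routing_violations(entries):
        print("misrouted:", e["method"], e["url"], "->", e["peer"])
    for dest, n in connect_attempts(entries).items():
        print(f"{n} CONNECT attempt(s) to {dest}")
```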
