Re: [squid-users] cache_peer - multiple ones

From: Chris Robertson <crobertson@dont-contact.us>
Date: Thu, 03 May 2007 15:08:58 -0800

Gareth Edmondson wrote:
> Hi Amos
>
> Thanks for that. The lines are as follows:
>
> #TAG: cache_peer_access
> cache_peer_access proxyssl allow CONNECT
> cache_peer_access proxyssl deny all
> cache_peer_access <upstreamproxyaddress> deny CONNECT
> cache_peer_access <upstreamproxyaddress> allow all
>
> As for the cache_peer lines they are as follows:
>
> #TAG: cache_peer
> cache_peer <upstreamproxyaddress> parent 8080 7 no-digest no-query
> no-net-db-exchange default login=username:password
> cache_peer proxyssl parent 443 no-digest no-query no-net-db-exchange
> default login=username:password
>
> Where username and password are our values. proxyssl is defined in the
> hosts file because I don't quite understand how to use the name= tag
> in Squid (I must read up about it).

That would be the reason you are being prompted for password a second
time. Squid has no way of knowing that these are the same upstream proxy.

What you want to do is...

cache_peer <upstreamproxyaddress> parent 8080 7 no-digest no-query
no-net-db-exchange default login=username:password name=proxy
cache_peer <upstreamproxyaddress> parent 443 7 no-digest no-query
no-net-db-exchange default login=username:password name=proxyssl

cache_peer_access proxyssl allow CONNECT
cache_peer_access proxyssl deny all
cache_peer_access proxy deny CONNECT
cache_peer_access proxy allow all

...which informs Squid that even though both proxy definitions use the
same machine, they have different purposes, and defines what those
purposes are.

>
> >From some tests we have run, we can tell that the Squid proxy is not
> sending the proxy authorisation headers (username and password) to the
> upstream proxy SSL proxy. I'm assuming this is due to a configuration
> error.
>
> The passwords for the two proxies (8080 and 443) are the same as they
> always have been.
>
> Can anyone gleam anything from that?
>
> Cheers
>
> Gareth

Chris
Received on Thu May 03 2007 - 17:09:08 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:04 MDT