Re: [squid-users] cache_peer - multiple ones

From: <gje@dont-contact.us>
Date: Fri, 04 May 2007 10:23:02 +0100

Hi Chris,

Okay - I've followed those instructions and squid reloads the configuration file without any
issues.

Browsing on port 8080 works, but once again 443 is challenging me for my credentials even though I
have turned off all authentication.

The thing about squid is, it is selecting the correct proxy (or cache_peer), however, it is not
sending the proxy authentication headers (login details) to the upstream proxy in the case of the
HTTPS (CONNECT method) requests.

I have no idea why not, and suspect a bug/glitch in squid itself. Could this be looked at? I'm
not sure how to do this. Or how I prove it is a bug.

Cheers

GJE

On Fri May 4 0:08 , Chris Robertson <crobertson@gci.net> sent:

>Gareth Edmondson wrote:
>> Hi Amos
>>
>> Thanks for that. The lines are as follows:
>>
>> #TAG: cache_peer_access
>> cache_peer_access proxyssl allow CONNECT
>> cache_peer_access proxyssl deny all
>> cache_peer_access deny CONNECT
>> cache_peer_access allow all
>>
>> As for the cache_peer lines they are as follows:
>>
>> #TAG: cache_peer
>> cache_peer parent 8080 7 no-digest no-query
>> no-net-db-exchange default login=username:password
>> cache_peer proxyssl parent 443 no-digest no-query no-net-db-exchange
>> default login=username:password
>>
>> Where username and password are our values. proxyssl is defined in the
>> hosts file because I don't quite understand how to use the name= tag
>> in Squid (I must read up about it).
>
>That would be the reason you are being prompted for password a second
>time. Squid has no way of knowing that these are the same upstream proxy.
>
>What you want to do is...
>
>cache_peer parent 8080 7 no-digest no-query
>no-net-db-exchange default login=username:password name=proxy
>cache_peer parent 443 7 no-digest no-query
>no-net-db-exchange default login=username:password name=proxyssl
>
>cache_peer_access proxyssl allow CONNECT
>cache_peer_access proxyssl deny all
>cache_peer_access proxy deny CONNECT
>cache_peer_access proxy allow all
>
>...which informs Squid that even though both proxy definitions use the
>same machine, they have different purposes, and defines what those
>purposes are.
>
>>
>> From some tests we have run, we can tell that the Squid proxy is not
>> sending the proxy authorisation headers (username and password) to the
>> upstream proxy SSL proxy. I'm assuming this is due to a configuration
>> error.
>>
>> The passwords for the two proxies (8080 and 443) are the same as they
>> always have been.
>>
>> Can anyone glean anything from that?
>>
>> Cheers
>>
>> Gareth
>
>Chris
Received on Fri May 04 2007 - 03:23:11 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:04 MDT
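
The naming problem discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages and not Squid code: a small checker that reads squid.conf text and reports cache_peer_access lines that name a peer no cache_peer line defines, and peers that share a name because name= is missing. The function name lint_peers, the hostname upstream.example and the USER:PASS credentials are assumptions made for the illustration.

```python
# Constructed sample; upstream.example and USER:PASS are placeholders, since the
# archived post does not show the real hostname or credentials.
SAMPLE_CONF = """\
cache_peer upstream.example parent 8080 7 no-digest no-query default login=USER:PASS
cache_peer upstream.example parent 443 7 no-digest no-query default login=USER:PASS name=proxyssl
cache_peer_access proxyssl allow CONNECT
cache_peer_access proxyssl deny all
cache_peer_access proxy deny CONNECT
cache_peer_access proxy allow all
"""


def lint_peers(conf_text):
    """Return warnings about cache_peer naming in squid.conf text (hypothetical helper)."""
    peers, rules = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "cache_peer" and len(fields) >= 4:
            host = fields[1]
            # Without name=, the peer is known by its hostname.
            name = next((f[5:] for f in fields[4:] if f.startswith("name=")), host)
            peers.append((lineno, name))
        elif fields[0] == "cache_peer_access" and len(fields) >= 2:
            rules.append((lineno, fields[1]))

    warnings, defined = [], {}
    for lineno, name in peers:
        if name in defined:
            warnings.append(f"line {lineno}: peer name '{name}' repeats line "
                            f"{defined[name]}; give each peer a distinct name=")
        else:
            defined[name] = lineno
    for lineno, target in rules:
        if target not in defined:
            warnings.append(f"line {lineno}: cache_peer_access names '{target}', "
                            f"which no cache_peer line defines")
    return warnings


if __name__ == "__main__":
    for warning in lint_peers(SAMPLE_CONF):
        print(warning)
```

The warnings carry only line numbers and peer names, so the login= value never appears in the output.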