[squid-users] [Squid Win32] cache_peer_access by user (ext_user)

From: Sébastien WENSKE <canardwc_at_canardwc.com>
Date: Wed, 10 Sep 2008 17:23:55 +0200

Hi All,

I'm currently setting up Squid under Windows with basic authentication.
The goal is to allow access to different cache peers depending on the
logged-in user.

------------ squid.conf---------------
auth_param basic program c:/squid/libexec/ncsa_auth.exe c:/squid/etc/proxy_users.pwd
auth_param basic children 5
auth_param basic realm Test Platform Squid Cache
auth_param basic credentialsttl 1 hours
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl vlan119 proxy_auth REQUIRED src 10.147.119.0/24
acl user_moka_prod ext_user moka_prod
acl user_moka_training ext_user moka_training
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow vlan119
http_access deny all
icp_access deny all
http_port 3128
cache_peer 10.148.20.50 parent 3128 0 name=profile_moka_prod login=moka_prod:ccF1lt3r!
cache_peer 10.148.20.50 parent 3128 0 name=profile_moka_training login=moka_training:ccF1lt3r!
cache_peer 10.147.20.35 parent 3128 0 name=profile_moka_prod_bkp login=moka_prod:ccF1lt3r!
cache_peer 10.147.20.35 parent 3128 0 name=profile_moka_training_bkp login=moka_training:ccF1lt3r!
cache_peer_access profile_moka_prod allow user_moka_prod
cache_peer_access profile_moka_training allow user_moka_training
cache_peer_access profile_moka_prod_bkp allow user_moka_prod
cache_peer_access profile_moka_training_bkp allow user_moka_training
hierarchy_stoplist cgi-bin ?
cache_mem 350 MB
maximum_object_size_in_memory 200 KB
memory_replacement_policy heap LFUDA
cache_replacement_policy heap LFUDA
cache_dir ufs c:/squid/var/cache 1000 16 256
maximum_object_size 8096 KB
cache_swap_low 90
cache_swap_high 95
access_log c:/squid/var/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
dns_nameservers 10.147.113.10 10.147.113.11
coredump_dir c:/squid/var/cache
never_direct allow all
--------------------------------------------------

The authentication works; I can see the username in access.log when direct
access is allowed.
But when I set never_direct allow all, I get a Squid error page:
-----------------------------------------------------------------
Unable to forward this request at this time.
This request could not be forwarded to the origin server or to any parent
caches. The most likely cause for this error is that:

The cache administrator does not allow this cache to make direct connections
to origin servers, and
All configured parent caches are currently unreachable.
-----------------------------------------------------------------

and in the cache.log:
----------------------------------------
2008/09/10 11:44:59| Failed to select source for 'http://www.google.fr/'
2008/09/10 11:44:59| always_direct = 0
2008/09/10 11:44:59| never_direct = 1
2008/09/10 11:44:59| timedout = 0
2008/09/10 11:45:04| Failed to select source for 'http://www.google.fr/'
2008/09/10 11:45:04| always_direct = 0
2008/09/10 11:45:04| never_direct = 1
2008/09/10 11:45:04| timedout = 0
2008/09/10 11:45:05| Failed to select source for 'http://www.google.fr/'
2008/09/10 11:45:05| always_direct = 0
2008/09/10 11:45:05| never_direct = 1
2008/09/10 11:45:05| timedout = 0
2008/09/10 13:36:38| Failed to select source for 'http://www.google.fr/'
2008/09/10 13:36:38| always_direct = 0
2008/09/10 13:36:38| never_direct = 1
2008/09/10 13:36:38| timedout = 0
----------------------------------------

Although there are no errors on startup:
-------------------------------------------------
2008/09/10 17:00:31| Configuring profile_moka_prod Parent profile_moka_prod/3128/0
2008/09/10 17:00:31| Configuring profile_moka_training Parent profile_moka_training/3128/0
2008/09/10 17:00:31| Configuring profile_moka_prod_bkp Parent profile_moka_prod_bkp/3128/0
2008/09/10 17:00:31| Configuring profile_moka_training_bkp Parent profile_moka_training_bkp/3128/0
2008/09/10 17:00:31| Ready to serve requests.

Thanks for your help, let me know if you need more information.

Best Regards,

Sebastien.

--------------------------------------------
listen funk, jazz & soul at www.canardwc.com
Received on Wed Sep 10 2008 - 15:24:09 MDT
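
An added example, not part of the original post or of Squid: a small Python check that cross-references cache_peer_access rules with the cache_peer names and ACL types in a config like the one above. It relies on the squid.conf documentation's definition of ext_user (a match on the user name returned by an external ACL helper); the function name, the profile_typo rule and the placeholder credentials are constructed for illustration.

```python
# Constructed sample: ACL and peer lines modelled on the post, credentials
# replaced by placeholders, plus one constructed rule naming an undefined peer.
SAMPLE_CONF = """\
auth_param basic program c:/squid/libexec/ncsa_auth.exe c:/squid/etc/proxy_users.pwd
acl vlan119 proxy_auth REQUIRED src 10.147.119.0/24
acl user_moka_prod ext_user moka_prod
acl user_moka_training ext_user moka_training
cache_peer 10.148.20.50 parent 3128 0 name=profile_moka_prod login=USER:PLACEHOLDER
cache_peer 10.148.20.50 parent 3128 0 name=profile_moka_training login=USER:PLACEHOLDER
cache_peer_access profile_moka_prod allow user_moka_prod
cache_peer_access profile_moka_training allow user_moka_training
cache_peer_access profile_typo allow user_moka_prod
never_direct allow all
"""

def audit_peer_access(conf_text):
    """Return (rule_line, finding) pairs for cache_peer_access rules."""
    acl_types, peers, rules, has_ext_helper = {}, set(), [], False
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()   # drop trailing comments
        if not tok:
            continue
        if tok[0] == "acl" and len(tok) >= 3:
            acl_types.setdefault(tok[1], tok[2])          # name -> ACL type
        elif tok[0] == "external_acl_type":
            has_ext_helper = True
        elif tok[0] == "cache_peer" and len(tok) >= 2:
            # A peer is referenced by name= if given, otherwise by hostname.
            peers.add(next((t[5:] for t in tok if t.startswith("name=")), tok[1]))
        elif tok[0] == "cache_peer_access" and len(tok) >= 4:
            rules.append((raw.strip(), tok[1], tok[3:]))
    findings = []
    for line, peer, acls in rules:
        if peer not in peers:
            findings.append((line, f"peer '{peer}' is not defined by any cache_peer"))
        for acl in acls:
            name = acl.lstrip("!")
            kind = acl_types.get(name)
            if kind is None:
                findings.append((line, f"ACL '{name}' is not defined"))
            elif kind == "ext_user" and not has_ext_helper:
                # ext_user matches the user name set by an external ACL helper;
                # with no external_acl_type configured there is none to match.
                findings.append((line, f"ACL '{name}' is ext_user but no external_acl_type helper is configured"))
    return findings

if __name__ == "__main__":
    for rule, finding in audit_peer_access(SAMPLE_CONF):
        print(f"{rule}\n    -> {finding}")
```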
