[squid-users] auth_param basic children

From: Andrew Struiksma <astruiksma_at_esd189.org>
Date: Mon, 6 Oct 2008 15:32:15 -0700

I have set up a reverse proxy which prompts for a password if the client is not on our LAN. I am not sure as to the proper setting of auth_param basic children. I set it to 2 since we will have around 75 users hitting the site from our LAN but probably fewer than 10 simultaneous users from the outside. I'm just not sure if I'm correctly understanding how often the helper is actually used by Squid.

Is auth_param basic children only important when a user is actually prompted for a password? Or, is the authentication used every time a client requests pages from Squid? Does it matter if the client is on our LAN or not?

Thanks!

Andrew

---squid.conf---------------
http_port my_ip:80 defaultsite=webserver.company.com
https_port my_ip:443 cert=/etc/apache2/ssl/webserver.company.com.cert key=/etc/apache2/ssl/webserver.company.com.key defaultsite=webserver.company.com

#redirects all http traffic to https
acl port80 myport 80
deny_info https://webserver.company.com port80
http_access deny port80

#reverse proxy
cache_peer webserver.company.com parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=myAccel
acl our_sites dstdomain webserver.company.com
acl all src 0.0.0.0/0.0.0.0

auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=company,dc=com" -D "cn=squid_user,cn=Users,dc=company,dc=com" -w "password" -f sAMAccountName=%s -h 192.168.1.2
auth_param basic children 2
auth_param basic realm Our web site
auth_param basic credentialsttl 2 hours

#these networks can access webserver without authenticating
acl trusted_nets src 192.168.1.0/24

acl ldap_users proxy_auth REQUIRED

http_access allow trusted_nets our_sites
http_access allow ldap_users our_sites

cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all

never_direct allow our_sites
----------------------
Received on Mon Oct 06 2008 - 22:32:33 MDT
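
Added example, not part of the original post and not Squid code: a simplified Python model of the posted http_access order and credentialsttl that counts how often the Basic helper would be consulted. ProxyModel, simulate, the sample account and the client addresses are constructed; the cache shape and the handling of failed lookups are assumptions of the model.

```python
import ipaddress

# Values copied from the posted squid.conf; the model around them is a simplification.
TRUSTED = ipaddress.ip_network("192.168.1.0/24")  # acl trusted_nets
OUR_SITE = "webserver.company.com"                # acl our_sites
CREDENTIALS_TTL = 2 * 3600                        # credentialsttl 2 hours

class ProxyModel:
    def __init__(self, directory):
        self.directory = directory  # constructed stand-in for the LDAP backend
        self.cache = {}             # (user, password) -> expiry, assumed cache shape
        self.helper_calls = 0

    def _proxy_auth(self, creds, now):
        if creds is None:
            return "challenge"      # nothing to verify, helper not consulted
        if self.cache.get(creds, 0) > now:
            return "ok"             # still within credentialsttl
        self.helper_calls += 1      # one lookup occupies one helper child
        if self.directory.get(creds[0]) == creds[1]:
            self.cache[creds] = now + CREDENTIALS_TTL
            return "ok"
        return "challenge"          # assumption: failed lookups are not cached

    def request(self, src, port, host, creds=None, now=0):
        if port == 80:
            return "redirect"       # http_access deny port80 (+ deny_info)
        if ipaddress.ip_address(src) in TRUSTED and host == OUR_SITE:
            return "allow"          # rule matches before ldap_users is evaluated
        auth = self._proxy_auth(creds, now)  # ldap_users is first on its line
        if auth != "ok":
            return auth
        return "allow" if host == OUR_SITE else "deny"

def simulate():
    proxy = ProxyModel({"alice": "s3cret"})  # constructed account
    outcomes = []
    for n in range(1, 76):                   # 75 LAN clients, 20 requests each
        outcomes += [proxy.request(f"192.168.1.{n}", 443, OUR_SITE) for _ in range(20)]
    outside, creds = "203.0.113.9", ("alice", "s3cret")  # constructed client
    outcomes.append(proxy.request(outside, 443, OUR_SITE))  # no credentials yet
    for minute in range(50):                 # browser resends Basic credentials
        outcomes.append(proxy.request(outside, 443, OUR_SITE, creds, now=minute * 60))
    outcomes.append(proxy.request(outside, 443, OUR_SITE, creds, now=CREDENTIALS_TTL + 1))
    return proxy.helper_calls, outcomes

if __name__ == "__main__":
    calls, outcomes = simulate()
    print(f"{len(outcomes)} requests, {calls} helper lookups")
```

In this model the LAN requests never reach the helper, and the outside user costs one lookup at first login plus one after the TTL expires.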
