Re: [squid-users] authentication pass through upstream server

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 23 Feb 2010 21:19:26 +1300

Mark Engels wrote:
> Mark Engels wrote:
>> Hello all,
>>
>> I'm hoping this is the place to come when seeking some assistance with a Squid proxy configuration issue that's giving me a little grief, and I certainly hope nothing like this has been asked before.
>>
>> The general idea of what I'm trying to accomplish is to have an end user enter their username and password credentials as they normally would (there is quota enforcement and site blocking higher up that I have limited control over), and have it so that when a user, say, goes to www.educationalmaterial.com, the local Squid proxy uses a predefined username and password to access the material, thus not charging the user quota download costs for accessing the material.
>>
>> The proxy server was supplied to us from head office with preconfigured rules to work as a local cache. I hope to leave all the existing rules in place. Also, all our internet service must filter through this one provided proxy; we cannot source external internet or alternate proxies.
>>
>> A portion of the configuration file is as below.
>>
>> #####
>>
>> cache_peer proxy.site.com parent 8080 3130 no-query default login=PASS
>> auth_param digest children 5
>> auth_param digest realm Squid proxy-caching web server
>> auth_param digest nonce_garbage_interval 5 minutes
>> auth_param digest nonce_max_duration 30 minutes
>> auth_param digest nonce_max_count 50
>> auth_param basic children 5
>> auth_param basic realm Squid proxy-caching web server
>> auth_param basic credentialsttl 2 hours
>> auth_param basic casesensitive off
>> acl all src 0.0.0.0/0.0.0.0
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl to_localhost dst 127.0.0.0/8
>> acl SSL_ports port 443 563
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 563 # https, snews
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl CONNECT method CONNECT
>> http_access allow manager localhost
>> http_access deny manager
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> acl block url_regex -i "d:/squid/var/logs/block.conf"
>> acl unblock url_regex -i "d:/squid/var/logs/unblock.conf"
>> acl nocache url_regex -i "d:/squid/var/logs/nocache.conf"
>> no_cache deny nocache
>> http_access deny block !unblock
>> http_access allow all
>> http_access deny all
>> http_reply_access allow all
>>
>>
>> #####
>> I thought it would be a simple thing to make the required changes and started to approach it by adding the following:
>> #####
>>
>> cache_peer proxy.site.com parent 8080 3130 no-query login="free user":pa$$word name=free
>> cache_peer_access free allow free_sites
>> cache_peer_access free deny all
>> acl free_sites url_regex -i "d:/squid/var/logs/freesites.conf"
>>
>> #####
>>
>> Unfortunately this seemed to break the local cache and I'm not too sure where I've gone wrong. Any help with this, or even an alternate solution, would be greatly appreciated.
>>
>
> You have the right idea. That's how it's done.
> But whitespace is not permitted in the parameter.
>
> What you have there is no password with username "free .
>
>
>> Note: changed proxy name and user credentials for privacy reasons, and running Squid 2.5 on local and upstream server.
>>
>
> Please see my sig... :)
>
> Your HQ provider may need to be made aware that there is no longer any
> official support for 2.5. The oldest fully supported version is now 2.7.
>
> Amos
>
>
> Thank you for your help, Amos :)
>
> Unfortunately I doubt HQ will even consider changing this system under the current management as it affects tens of thousands of users... education ;-)
>
> Perhaps you might be able to help again: all of our users must have a space in their account name. It is mandatory in account creation. Would there be a way around this? (Perhaps %20 like in HTML?) I hope the solution isn't in the 3.0 version of Squid, or that a workaround for 2.5 might be available?

Um. I don't have a copy of 2.5 code to check, but 2.6 will accept %20
with no " quotes. So your chances of that are good.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24
   Current Beta Squid 3.1.0.16
Received on Tue Feb 23 2010 - 08:19:37 MST
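
The whitespace problem discussed in this thread, as an added example that is not part of the original messages or of Squid itself: a small checker that splits each `cache_peer` line on whitespace, reports what the `login=` option then contains, and proposes the unquoted `%20` form mentioned in the reply. The function names `lint_cache_peer` and `lint_config` are hypothetical, the sample lines are constructed from the configuration quoted above, and whitespace tokenisation is assumed from the reply's description.

```python
import re

# Constructed sample, modelled on the cache_peer lines quoted in the thread.
SAMPLE_CONF = '''\
cache_peer proxy.site.com parent 8080 3130 no-query default login=PASS
cache_peer proxy.site.com parent 8080 3130 no-query login="free user":pa$$word name=free
cache_peer proxy.site.com parent 8080 3130 no-query login=free%20user:pa$$word name=free
'''

# Matches a quoted user part followed by the rest of the intended value.
QUOTED_LOGIN = re.compile(r'login="([^"]*)"(\S*)')


def lint_cache_peer(line):
    """Check the login= option of one cache_peer line.

    Returns None for other directives and for values that look fine,
    otherwise a dict with the value left after the whitespace split,
    whether it still carries a password, and a suggested replacement.
    """
    tokens = line.split()  # assumption: options are separated by whitespace
    if len(tokens) < 5 or tokens[0] != "cache_peer":
        return None
    # tokens[1:5] are hostname, type, HTTP port and ICP port; options follow.
    login = next((t for t in tokens[5:] if t.startswith("login=")), None)
    if login is None:
        return None
    value = login[len("login="):]
    if value == "PASS" or (":" in value and '"' not in value):
        return None  # pass-through, or an unquoted user:password pair
    finding = {"parsed_value": value, "has_password": ":" in value,
               "suggested": None}
    match = QUOTED_LOGIN.search(line)
    if match:
        # Drop the quotes and encode spaces, as suggested in the reply.
        intended = match.group(1) + match.group(2)
        finding["suggested"] = "login=" + intended.replace(" ", "%20")
    return finding


def lint_config(text):
    """Return {line_number: finding} for each problematic cache_peer line."""
    findings = {}
    for number, line in enumerate(text.splitlines(), 1):
        result = lint_cache_peer(line)
        if result is not None:
            findings[number] = result
    return findings


if __name__ == "__main__":
    for number, finding in lint_config(SAMPLE_CONF).items():
        print(number, finding)
```

Only spaces are encoded here; whether Squid 2.5 decodes `%20` in this option is not confirmed in the thread.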
