Squid Cache: Version 2.5.STABLE9 My local squid uses a parent proxy passing the login credentials to it: cache_peer frd-proxy parent 8080 3130 login=PASS no-query For one special application (exchange data with "elster") this does not work because of the logon procedure. I tried to solve it using ACLs and cache_peer_domain. cache_peer frd-proxy parent 8080 3130 login=PASS no-query cache_peer frd-proxy-nologon parent 8080 3130 login=name:topsecret no-query The application should not logon to the local proxy and use the second parent "frd-proxy-nologon" cache_peer_domain frd-proxy-nologon BOE-ELSTER cache_peer_domain frd-proxy !BOE-ELSTER acl BOE-ELSTER dst 80.146.179.0/255.255.255.0 acl BOE-ELSTER dst 193.109.238.0/255.255.255.0 http_access allow BOE-ELSTER Unfortunately this does not work. access.log shows that the application contacts the wrong proxy "frd-proxy" instead of "frd-proxy-nologon": 1111588597.594 696 10.23.5.205 TCP_MISS/407 1299 POST http://80.146.179.3/Elster2/EMS - FIRST_UP_PARENT/frd-proxy text/html 1111588598.154 543 10.23.5.205 TCP_MISS/407 1299 POST http://193.109.238.58/Elster2/EMS - FIRST_UP_PARENT/frd-proxy text/html 1111588598.815 649 10.23.5.205 TCP_MISS/407 1299 POST http://193.109.238.59/Elster2/EMS - FIRST_UP_PARENT/frd-proxy text/html 1111588599.132 304 10.23.5.205 TCP_MISS/407 1299 POST http://80.146.179.2/Elster2/EMS - FIRST_UP_PARENT/frd-proxy text/html Debugging shows that the ACL BOE-ELSTER is working well: 2005/03/23 09:36:36| aclCheck: checking 'http_access allow BOE-ELSTER' 2005/03/23 09:36:36| aclMatchAclList: checking BOE-ELSTER 2005/03/23 09:36:36| aclMatchAcl: checking 'acl BOE-ELSTER dst 80.146.179.0/255.255.255.0' 2005/03/23 09:36:36| The request POST http://80.146.179.3:80/Elster2/EMS is ALLOWED, because it matched 'BOE-ELSTER' 2005/03/23 09:36:37| aclCheck: checking 'http_access allow BOE-ELSTER' 2005/03/23 09:36:37| aclMatchAclList: checking BOE-ELSTER 2005/03/23 09:36:37| aclMatchAcl: checking 'acl BOE-ELSTER dst 80.146.179.0/255.255.255.0' 2005/03/23 09:36:37| The request POST http://193.109.238.58:80/Elster2/EMS is ALLOWED, because it matched 'BOE-ELSTER' 2005/03/23 09:36:38| aclCheck: checking 'http_access allow BOE-ELSTER' 2005/03/23 09:36:38| aclMatchAclList: checking BOE-ELSTER 2005/03/23 09:36:38| aclMatchAcl: checking 'acl BOE-ELSTER dst 80.146.179.0/255.255.255.0' 2005/03/23 09:36:38| The request POST http://193.109.238.59:80/Elster2/EMS is ALLOWED, because it matched 'BOE-ELSTER' 2005/03/23 09:36:38| aclCheck: checking 'http_access allow BOE-ELSTER' 2005/03/23 09:36:38| aclMatchAclList: checking BOE-ELSTER 2005/03/23 09:36:38| aclMatchAcl: checking 'acl BOE-ELSTER dst 80.146.179.0/255.255.255.0' 2005/03/23 09:36:38| The request POST http://80.146.179.2:80/Elster2/EMS is ALLOWED, because it matched 'BOE-ELSTER' Why does it use the wrong proxy? Werner Rost GMT-FIR - Netzwerk ZF Boge Elastmetall GmbH Friesdorfer Str. 175, 53175 Bonn, Deutschland/Germany Telefon/Phone +49 228 3825 - 420 Telefax/Fax +49 228 3825 - 398 werner.rost@xxxxxx >-----Ursprüngliche Nachricht----- >Von: Henrik Nordstrom [mailto:hno@xxxxxxxxxxxxxxx] >Gesendet: Samstag, 5. März 2005 03:47 >An: Rost Werner ZFBE GMT-ISN >Cc: squid-users@xxxxxxxxxxxxxxx >Betreff: Re: [squid-users] Parent > > >On Fri, 4 Mar 2005 Werner.Rost@xxxxxx wrote: > >> And now we have to avoid auth. on the parent for this URL. I need a >> construct like >> if NOLOGON then cache_peer parent-proxy parent 8080 3130 >> login=user:secret no-query >> >> which replaces "login=PASS" by a fixed username:password. >> >> How can we do this? Is it possible? > >Yes. You only need to use two different names for the same parent, and >cache_peer_access to control what is sent "where". > >> Another posibility would be to define a second parent say >> cache_peer parent-proxy-1 parent 8080 3130 login=user:secret >> no-query >> >> and connect this URL to this second proxy, say: >> if NOLOGON then use parent-proxy-1 >> >> How can we do this? Is it possible? > >same thing. > >Squid does not care if the two peers is the same proxy or two >different >proxies. All it cares is that it thinks it is two different >proxies (by >having different names in the cache_peer directive). > >Regards >Henrik >