Hi, I am trying to make Squid 2.6 work in the following setup: Main Site: I have one master caching/authentication Squid 2.6 server I have one DansGuardian (2.9.7.1) server with the above master Squid as its parent Remote Sites: I have 3 remote Squid servers that each authenticate their local clients and point to the above DG server as parent I am passing on user and password from the remote Squids (no-query login=*:password default). This worked great when the main site had an authentication Squid in front of DG (2.8) and the remote Squids used DG as the parent, and the main site authentication Squid did the same. In this setup all sites were really the same. Now with DG 2.9.7.1 I have tried to eliminate the main site authentication Squid as DG will now pass through to Squid to authenticate. This works great at the main site. However, when I set a remote Squid to use DG as its parent there is now an attempt to authenticate AGAIN to the main site Squid which is the parent to DG. Philip Allison (DG developer) suggested using ACLs to exclude these remote requests from being authenticated by the main Squid. I have been working on this but can't seem to get it to work. I can get things to work if I allow the remote subnet's IPs to have http_access, but that effectively skips DG filtering. I had hoped that something like: acl no_auth src <remote subnet range> proxy_auth REQUIRED !no_auth or something like that would skip auth on the main Squid. But that doesn't work, maybe the syntax is invalid for proxy_auth REQUIRED. I know I don't have a complete understanding of acls (and much more!) and know they are very powerful if you get them right and put them in the right order, etc. I'm stuck in getting the remote Squid requests to go to the main Squid and then go back to DG to filter, then out through Squid without trying to authenticate again. How I do make Squid ignore authenticating some requests (by IP acl or something?) but still filter with DG? Can it be done? If not, I'll just go back to Squid Auth->DG->Squid Cache like before. Thanks, Geoff
