I'm running squid 2.6.11 on FreeBSD with a parent cache that requires authentication in order to access any web sites. It's been suggested to us by the department that runs the upstream cache that we can make some sites accessible without the client having to authenticate by getting our local squid to supply the username & password to the upstream cache for those sites. (As a workaround for programs that don't have proxy authentication built into them for instance). This uses the cache_peer login= syntax. Unfortunately, the configuration they sent me doesn't work - I get the following error:"FATAL: ERROR: cache_peer xxx.xxx.xxx.xxx specified twice". Here is the relavent section of squid.conf (IP address, username & password have been removed!) #Define acl for all source addresses acl rest src 0.0.0.0/0.0.0.0 # #Define acl for proxy bypass addresses (squid does authentication for these) acl safe dstdomain "/usr/local/etc/squid/safe.conf" #Supply username & password for sites defined in safe.conf cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=username:password cache_peer_access xxx.xxx.xxx.xxx allow safe cache_peer_access xxx.xxx.xxx.xxx deny rest #Require authentication for all other sites cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=PASS cache_peer_access xxx.xxx.xxx.xxx deny safe cache_peer_access xxx.xxx.xxx.xxx allow rest Can anyone suggest a way to implement this that gets around the duplicate cache_peer problem? Cheers, -- Ian gpg key: http://home.swiftdsl.com.au/~imoore/no-spam.asc
Attachment:
pgpbPWp8xz1HB.pgp
Description: PGP signature
