Ian wrote:
I'm running squid 2.6.11 on FreeBSD with a parent cache that requires
authentication in order to access any web sites.
It's been suggested to us by the department that runs the upstream cache that
we can make some sites accessible without the client having to authenticate
by getting our local squid to supply the username & password to the upstream
cache for those sites. (As a workaround for programs that don't have proxy
authentication built into them for instance).
This uses the cache_peer login= syntax. Unfortunately, the configuration they
sent me doesn't work - I get the following error: "FATAL: ERROR: cache_peer
xxx.xxx.xxx.xxx specified twice".
Seems pretty clear to me. You have the same cache peer listed twice.
You need to differentiate them somehow. Squid 2.6 has a "name="
directive for cache_peers, which might work...
Here is the relevant section of squid.conf (IP address, username & password
have been removed!)
#Define acl for all source addresses
acl rest src 0.0.0.0/0.0.0.0
#
#Define acl for proxy bypass addresses (squid does authentication for these)
acl safe dstdomain "/usr/local/etc/squid/safe.conf"
#Supply username & password for sites defined in safe.conf
cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=username:password
cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=username:password name=noauth
cache_peer_access xxx.xxx.xxx.xxx allow safe
cache_peer_access xxx.xxx.xxx.xxx deny rest
#Require authentication for all other sites
cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=PASS
cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=PASS name=auth
cache_peer_access xxx.xxx.xxx.xxx deny safe
cache_peer_access xxx.xxx.xxx.xxx allow rest
Can anyone suggest a way to implement this that gets around the duplicate
cache_peer problem?
Cheers,
If that doesn't work, give the two proxies different DNS A records
(authproxy.example.com and noauthproxy.example.com for example) or host
file entries and use the different names.
Chris
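
The name= suggestion from the reply, written out as a full squid.conf fragment. This is an added example, not part of the original thread. It assumes this Squid build accepts two cache_peer lines for the same host and port when each carries a distinct name=, and that cache_peer_access then refers to each entry by that name; xxx.xxx.xxx.xxx, username and password are the thread's own placeholders.

```conf
# Added example: one upstream parent defined twice, told apart by name=.
# Assumption: distinct name= values are enough to avoid "specified twice".

# Define acl for all source addresses
acl rest src 0.0.0.0/0.0.0.0

# Destinations for which squid supplies the upstream credentials itself
acl safe dstdomain "/usr/local/etc/squid/safe.conf"

# Entry 1: squid sends a fixed username & password to the parent
cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=username:password name=noauth
cache_peer_access noauth allow safe
cache_peer_access noauth deny rest

# Entry 2: squid passes the client's own proxy credentials to the parent
cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=PASS name=auth
cache_peer_access auth deny safe
cache_peer_access auth allow rest
```

Because login=username:password stores the upstream credential in clear text, squid.conf should be readable only by the account squid runs as, and safe.conf should stay as short as possible since every destination in it is reachable through the parent without per-user authentication.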