Gareth Edmondson wrote:
Hi Amos
Thanks for that. The lines are as follows:
#TAG: cache_peer_access
cache_peer_access proxyssl allow CONNECT
cache_peer_access proxyssl deny all
cache_peer_access <upstreamproxyaddress> deny CONNECT
cache_peer_access <upstreamproxyaddress> allow all
As for the cache_peer lines they are as follows:
#TAG: cache_peer
cache_peer <upstreamproxyaddress> parent 8080 7 no-digest no-query
no-net-db-exchange default login=username:password
cache_peer proxyssl parent 443 no-digest no-query no-net-db-exchange
default login=username:password
Where username and password are our values. proxyssl is defined in the
hosts file because I don't quite understand how to use the name= tag
in Squid (I must read up about it).
That would be the reason you are being prompted for password a second
time. Squid has no way of knowing that these are the same upstream proxy.
What you want to do is...
cache_peer <upstreamproxyaddress> parent 8080 7 no-digest no-query
no-net-db-exchange default login=username:password name=proxy
cache_peer <upstreamproxyaddress> parent 443 7 no-digest no-query
no-net-db-exchange default login=username:password name=proxyssl
cache_peer_access proxyssl allow CONNECT
cache_peer_access proxyssl deny all
cache_peer_access proxy deny CONNECT
cache_peer_access proxy allow all
...which informs Squid that even though both proxy definitions use the
same machine, they have different purposes, and defines what those
purposes are.
>From some tests we have run, we can tell that the Squid proxy is not
sending the proxy authorisation headers (username and password) to the
upstream proxy SSL proxy. I'm assuming this is due to a configuration
error.
The passwords for the two proxies (8080 and 443) are the same as they
always have been.
Can anyone gleam anything from that?
Cheers
Gareth
Chris
