Search squid archive

Re: cache_peer - multiple ones

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Chris,

Okay - I've followed those instructions and squid reloads the configuration file without any 
issues.

Browsing on port 8080 works, but once again 443 is challenging me for my credentials even though I 
have turned off all authentication.

The thing about squid is, it is selecting the correct proxy (or cache_peer), however, it is not 
sending the proxy authentication headers (login details) to the upstream proxy in the case of the 
HTTPS (CONNECT method) requests.

I have no idea why not, and suspect a bug/glitch in squid it's self. Could this be looked at? I'm 
not sure how to do this. Or how I prove it it a bug.

Cheers

GJE

On Fri May  4  0:08 , Chris Robertson <crobertson@xxxxxxx> sent:

>Gareth Edmondson wrote:
>> Hi Amos
>>
>> Thanks for that. The lines are as follows:
>>
>> #TAG: cache_peer_access
>> cache_peer_access proxyssl allow CONNECT
>> cache_peer_access proxyssl deny all
>> cache_peer_access  deny CONNECT
>> cache_peer_access  allow all
>>
>> As for the cache_peer lines they are as follows:
>>
>> #TAG: cache_peer
>> cache_peer  parent 8080 7 no-digest no-query 
>> no-net-db-exchange default login=username:password
>> cache_peer proxyssl parent 443 no-digest no-query no-net-db-exchange 
>> default login=username:password
>>
>> Where username and password are our values. proxyssl is defined in the 
>> hosts file because I don't quite understand how to use the name= tag 
>> in Squid (I must read up about it).
>
>That would be the reason you are being prompted for password a second 
>time.  Squid has no way of knowing that these are the same upstream proxy.
>
>What you want to do is...
>
>cache_peer  parent 8080 7 no-digest no-query 
>no-net-db-exchange default login=username:password name=proxy
>cache_peer  parent 443 7 no-digest no-query 
>no-net-db-exchange default login=username:password name=proxyssl
>
>cache_peer_access proxyssl allow CONNECT
>cache_peer_access proxyssl deny all
>cache_peer_access proxy deny CONNECT
>cache_peer_access proxy allow all
>
>...which informs Squid that even though both proxy definitions use the 
>same machine, they have different purposes, and defines what those 
>purposes are.
>
>>
>> >From some tests we have run, we can tell that the Squid proxy is not 
>> sending the proxy authorisation headers (username and password) to the 
>> upstream proxy SSL proxy. I'm assuming this is due to a configuration 
>> error.
>>
>> The passwords for the two proxies (8080 and 443) are the same as they 
>> always have been.
>>
>> Can anyone gleam anything from that?
>>
>> Cheers
>>
>> Gareth
>
>Chris




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux