gje@xxxxxxxxxxxxxxxxx wrote:
Hi Chris,
Okay - I've followed those instructions and squid reloads the configuration file without any
issues.
To be clear, you are using the same domain name or IP address in both
definitions of the parent proxy, correct? You are no longer using the
"real" domain for one, and a fabricated domain (found only in the hosts
file), or a second DNS A record for the other.
Browsing on port 8080 works, but once again 443 is challenging me for my credentials even though I
have turned off all authentication.
Where did you turn off authentication? At the parent proxy, or in the
cache_peer definition?
The thing about squid is, it is selecting the correct proxy (or cache_peer), however, it is not
sending the proxy authentication headers (login details) to the upstream proxy in the case of the
HTTPS (CONNECT method) requests.
If you have removed the login=username:password argument from the
cache_peer directive, you won't (I think) get prompted for a password.
You'd just be denied by the upstream proxy for not providing
authentication credentials.
I have no idea why not, and suspect a bug/glitch in squid it's self. Could this be looked at? I'm
not sure how to do this. Or how I prove it it a bug.
I'll see if I can find the time to set up a test lab with a similar
setup (parent proxy listening on two ports, both require authentication,
child proxy using one port for SSL) and report back. Some days afford
more free time than others. :o)
Cheers
GJE
Chris
