At the moment I have squid setup to use NTLM authentication transparently, and control access to the internet based on active directory group membership. What I'd like to do now is have all traffic that doesn't originate from the localhost to go parent cache which is dansguardian on same machine. DG then of course redirects traffic back to squid which allows the traffic coming from localhost through to the net. So: Squid (NTLM auth) -> DG -> Squid -> Internet. What I don't understand is how to mix the http_access rules I'm currently wanting to use, with DG, since from what I can understand, the http_access is ignored as the traffic isn't actually going through, but rather be redirected to the parent proxy? Can I simply replace my http_access rules with cache_peer_access? Squid.conf snippets. http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 10 auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 5 hours external_acl_type wb_group ttl=60 %LOGIN /usr/lib/squid/wbinfo_group.pl acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 cache_peer 127.0.0.1 parent 8080 3130 cache_peer_access 127.0.0.1 deny localhost always_direct allow localhost acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 443 563 # https acl FTP_ports port 21 # ftp acl Java_ports port 1026 acl Mail_ports port 25 110 # pop3, smtp acl adminpcs src "/etc/squid/adminpcs.txt" acl staff external wb_group Staff acl nonet external wb_group NoInternet acl students external wb_group wcstudents acl alllabs src "/etc/squid/alllabs.txt" acl firewall dst 192.168.0.9 acl enabledlabs src "/etc/squid/enabledlabs.txt" acl purge method PURGE acl CONNECT method CONNECT acl auth proxy_auth REQUIRED http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access deny nonet http_access allow admins FTP_ports http_access allow adminpcs all http_access allow Java_ports http_access allow staff Mail_ports http_access allow students Safe_ports enabledlabs !firewall http_access allow staff Safe_ports http_access deny all http_reply_access allow all icp_access allow all
