Squid + F5 balancing doesn't work!!!


Hi guys,

I have 2 Squid boxes that work well on their own.  My customer asked me to balance them 
using his BIGIP F5.  The fact is that when I balance them without persistence, 
I get this in the log (on both servers):

1214974554.906      0 99.90.40.253 TCP_DENIED/407 3249 GET http://www.presidencia.gob.mx/imgs/edomayor_over.gif a2 NONE/- text/html

If we use persistence, it works, but we can stop using of sharing usernames.  
The balancing scheme is like this:

user -> balancer f5 -> squid1 
                             \->squid2

Squid is configured with LDAP-digest auth.

My config:

auth_param digest program /usr/lib/squid/digest_ldap_auth -b "o=SAT" -u "cn" -A "l" -D "cn=Manager,o=SAAX" -w %XXXr(o -v 3 -h 127.0.0.1 -e
auth_param digest children 5                                                    
auth_param digest realm SAAX                                                     
auth_param digest nonce_garbage_interval 5 minutes                              
auth_param digest nonce_max_duration 30 minutes                                 
auth_param digest nonce_max_count 50                                            
authenticate_ip_ttl 600 seconds                                                 
acl manager proto cache_object                                                  
acl localhost src 127.0.0.1/32                                                  
acl to_localhost dst 127.0.0.0/8                                                
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network             
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network             
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network             
acl SSL_ports port 443                                                          
acl Safe_ports port 80          # http                                          
acl Safe_ports port 21          # ftp                                           
acl Safe_ports port 443         # https                                         
acl Safe_ports port 70          # gopher                                        
acl Safe_ports port 210         # wais                                          
acl Safe_ports port 1025-65535  # unregistered ports                            
acl Safe_ports port 280         # http-mgmt                                     
acl Safe_ports port 488         # gss-http                                      
acl Safe_ports port 591         # filemaker                                     
acl Safe_ports port 777         # multiling http                                
acl CONNECT method CONNECT                                                      
http_access allow manager localhost                                             
http_access deny manager                                                        
http_access deny !Safe_ports                                                    
http_access deny CONNECT !SSL_ports                                             
acl ip_users max_user_ip -s 1                                                   
acl proxy_users proxy_auth REQUIRED                                             
http_access deny ip_users                                                       
http_access allow proxy_users                                                   
icp_access allow localnet                                                       
icp_access deny all                                                             
htcp_access allow localnet                                                      
htcp_access deny all
http_port 10.10.60.239:3128
cache_peer 127.0.0.1       parent    8080  0  default
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
shutdown_lifetime 5 seconds
cache_effective_user squid
cache_effective_group squid
visible_hostname squid.sat.gob.mx
unique_hostname squid.sat.gob.mx
client_persistent_connections off
server_persistent_connections off
icp_port 3130
error_directory /etc/squid/errors
icap_enable on
icap_send_client_username on
icap_service satreq reqmod_precache 0 http://10.10.60.40:1344/reqmod
icap_class icapsat satreq
icap_class icapsat2 satreq2
forwarded_for on
coredump_dir /var/spool/squid


any comments?

Regards
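
Added example, not part of the original post: a small parser for the Squid native access.log format shown above that separates a first-contact 407 (user field `-`) from a 407 logged with a username, as in the posted entry for `a2`. The first sample line is the one from the post; the other sample lines and the function names are constructed, and reading a populated user field as "credentials were sent and refused" assumes no ident lookups are configured.

```python
import re
from collections import Counter

# Squid native access.log fields:
# time elapsed client result/status bytes method URL user hierarchy/peer type
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>\S+)\s+(?P<type>\S+)$"
)

# First line is the entry from the post; the rest are constructed samples.
SAMPLE = [
    "1214974554.906      0 99.90.40.253 TCP_DENIED/407 3249 GET "
    "http://www.presidencia.gob.mx/imgs/edomayor_over.gif a2 NONE/- text/html",
    "1214974554.100      0 99.90.40.253 TCP_DENIED/407 3249 GET "
    "http://example.com/ - NONE/- text/html",
    "1214974555.200     12 99.90.40.253 TCP_MISS/200 5120 GET "
    "http://example.com/ a2 DEFAULT_PARENT/127.0.0.1 text/html",
    "1214974556.300      0 99.90.40.253 TCP_DENIED/407 3249 GET "
    "http://example.com/a.gif a2 NONE/- text/html",
]

def classify(line):
    """Return (kind, user); kind is 'challenge', 'rejected' or 'other'.
    Returns None when the line is not in the native format."""
    m = LINE.match(line.strip())
    if not m:
        return None
    if m["status"] != "407":
        return ("other", m["user"])
    # "-" in the user field: no credentials yet, the normal first 407.
    # A name in the user field: the request carried credentials and was
    # still answered with 407 (assumption: ident lookups are not in use).
    if m["user"] == "-":
        return ("challenge", None)
    return ("rejected", m["user"])

def rejected_by_user(lines):
    """Count 407 responses that were logged with a username, per user."""
    counts = Counter()
    for line in lines:
        result = classify(line)
        if result and result[0] == "rejected":
            counts[result[1]] += 1
    return counts

if __name__ == "__main__":
    for user, n in rejected_by_user(SAMPLE).items():
        print(f"{user}: {n} authenticated request(s) answered with 407")
```

Running it over the access.log of each Squid box, once with persistence on the balancer and once without, shows whether the rejected count follows the balancing mode.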
