I have setup a reverse proxy which prompts for a password if the client is not on our LAN. I am not sure as to the proper setting of auth_param basic children. I set it to 2 since we will have around 75 users hitting the site from our LAN but probably fewer than 10 simultanious users from the outside. I'm just not sure if I'm correctly understanding how often the helper is actually used by Squid. Is auth_param basic children only important when a user is actually prompted for a password? Or, is the authentication used everytime a client requests pages from Squid? Does it matter if the client in on our LAN or not? Thanks! Andrew ---squid.conf--------------- http_port my_ip:80 defaultsite=webserver.company.com https_port my_ip:443 cert=/etc/apache2/ssl/webserver.company.com.cert key=/etc/apache2/ssl/webserver.company.com.key defaultsite=webserver.company.com #redirects all http traffic to https acl port80 myport 80 deny_info https://webserver.company.com port80 http_access deny port80 #reverse proxy cache_peer webserver.company.com parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=myAccel acl our_sites dstdomain webserver.company.com acl all src 0.0.0.0/0.0.0.0 auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=company,dc=com" -D "cn=squid_user,cn=Users,dc=company,dc=com" -w "password" -f sAMAccountName=%s -h 192.168.1.2 auth_param basic children 2 auth_param basic realm Our web site auth_param basic credentialsttl 2 hours #these networks can access webserver without authenticating acl trusted_nets src 192.168.1.0/24 acl ldap_users proxy_auth REQUIRED http_access allow trusted_nets our_sites http_access allow ldap_users our_sites cache_peer_access myAccel allow our_sites cache_peer_access myAccel deny all never_direct allow our_sites ----------------------
