Hello Amos, | I would have thought Squid->DG->Internet would be sufficient to meet those | needs. With the front squid doing cache+auth of stuff that gets past the | DG filtering. (and DG doing less work on cacheable things its already | scanned once). I tried that too. But it does not work. | | NP: Squid2 in your setup must NOT do any peering. Remember this is the | EXIT. All access is direct to the Internet. It's one and only client is | DG. Yes. This solved the loop issue. Ans puting the cache_peer directive on Squid1 with the "never_direct allow all". | Don't include any unique stuff into both configs. | If you need usernames logged at Squid2 at all use the fakeauth helper and | LoggingOnly setup on that squid: | http://wiki.squid-cache.org/ConfigExamples/Authenticate/LoggingOnly Now here lies my new problem. I do need to login UserName+IP on the access.log of the Squid2(Cache). Now that the loop is fixed it stop recording the UserName only record IP, like this: 1233913862.159 6 192.168.20.140 TCP_MISS/304 250 GET http://m80.clix.pt/styles/m80_txt.css - DIRECT/195.23.102.200 - I tried to use fakeauth as you suggested but when I do auth stop working. On IE it keeps asking for my credentials and just keep denying. I follow the docs on Squid Wiki but i get this on the log: 2009/02/06 10:03:02| authenticateDecodeAuth: Unsupported or unconfigured proxy-auth scheme, 'Basic c2JhdGFsaGE6bm9wYXNzd29yZA==' This is what I added on Squid2(Cache): auth_param ntlm program /usr/lib/squid/fakeauth_auth -d -v auth_param ntlm children 10 auth_param ntlm realm Proxy Server auth_param ntlm credentialsttl 1 hours auth_param ntlm casesensitive off acl logauth proxy_auth REQUIRED http_access deny !logauth all I think that i'm not using fakeauth the right way or something. In alternative i could use the access.log from Squid1(NTML) for my reports because here i get UserName+IP but I think if I use this one i will get more false positives like alot of the DENIED, or i'm wrong and should just use it? Thanks for all your help, -- RIcardo
