Ricardo Nuno wrote:
Hello Amos,
| I would have thought Squid->DG->Internet would be sufficient to meet those
| needs. With the front squid doing cache+auth of stuff that gets past the
| DG filtering. (and DG doing less work on cacheable things it's already
| scanned once).
I tried that too. But it does not work.
|
| NP: Squid2 in your setup must NOT do any peering. Remember this is the
| EXIT. All access is direct to the Internet. Its one and only client is
| DG.
Yes. This solved the loop issue. And putting the cache_peer directive on
Squid1 with the "never_direct allow all".
| Don't include any unique stuff into both configs.
| If you need usernames logged at Squid2 at all use the fakeauth helper and
| LoggingOnly setup on that squid:
| http://wiki.squid-cache.org/ConfigExamples/Authenticate/LoggingOnly
Now here lies my new problem. I do need to log UserName+IP in the access.log
of Squid2 (Cache). Now that the loop is fixed it stopped recording the UserName;
it only records the IP, like this:
1233913862.159 6 192.168.20.140 TCP_MISS/304 250 GET http://m80.clix.pt/styles/m80_txt.css - DIRECT/195.23.102.200 -
I tried to use fakeauth as you suggested, but when I do, auth stops working.
On IE it keeps asking for my credentials and just keeps denying.
I followed the docs on the Squid Wiki but I get this in the log:
2009/02/06 10:03:02| authenticateDecodeAuth: Unsupported or unconfigured proxy-auth scheme, 'Basic c2JhdGFsaGE6bm9wYXNzd29yZA=='
This is what I added on Squid2(Cache):
auth_param ntlm program /usr/lib/squid/fakeauth_auth -d -v
auth_param ntlm children 10
auth_param ntlm realm Proxy Server
auth_param ntlm credentialsttl 1 hours
auth_param ntlm casesensitive off
acl logauth proxy_auth REQUIRED
http_access deny !logauth all
I think that I'm not using fakeauth the right way or something.
Alternatively, I could use the access.log from Squid1 (NTLM) for my reports because here
I get UserName+IP, but I think if I use this one I will get more false positives, like a lot
of the DENIED. Or am I wrong and should I just use it?
Ah, okay, here is what I think is happening:
Squid1 does the ntlm auth, and converts it to BasicAuth for DG.
So Squid2 gets the BasicAuth form, which means at Squid2 the other
dummy_auth is needed to catch and log basic login details.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
Current Beta Squid 3.1.0.5
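
The diagnosis in Amos's reply, as an added example that is not part of the original thread or of Squid itself: it compares the scheme named in an "Unsupported or unconfigured proxy-auth scheme" line with the schemes that have an auth_param helper, and includes a logging-only Basic helper loop. The sample log line, config text and user name are constructed; the helper relies on Squid's Basic helper protocol (one URL-escaped "user password" request per line, answered with OK or ERR).

```python
import base64
import re
import sys
from urllib.parse import unquote

# Constructed sample inputs (not copied from the thread's logs).
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:nopassword").decode()
SAMPLE_LOG = ("2009/02/06 10:03:02| authenticateDecodeAuth: Unsupported or "
              "unconfigured proxy-auth scheme, '%s'" % SAMPLE_HEADER)
SAMPLE_CONF = ("auth_param ntlm program /usr/lib/squid/fakeauth_auth\n"
               "auth_param ntlm children 10\n")

def configured_schemes(conf_text):
    """Schemes that have an 'auth_param <scheme> program' line in squid.conf."""
    return {m.group(1).lower() for m in
            re.finditer(r"^\s*auth_param\s+(\S+)\s+program\b", conf_text, re.M)}

def offered_scheme(log_line):
    """Return (scheme, username) from an 'Unsupported ... scheme' log line."""
    m = re.search(r"proxy-auth scheme, '(\S+)(?: (\S+))?'", log_line)
    if not m:
        return None
    scheme, blob = m.group(1).lower(), m.group(2)
    user = None
    if scheme == "basic" and blob:
        # Basic credentials are base64("user:password"); keep only the user.
        decoded = base64.b64decode(blob).decode("utf-8", "replace")
        user = decoded.split(":", 1)[0]
    return scheme, user

def missing_scheme(conf_text, log_line):
    """Scheme the client offered that squid.conf has no helper for, else None."""
    offered = offered_scheme(log_line)
    if offered and offered[0] not in configured_schemes(conf_text):
        return offered[0]
    return None

def helper_reply(request_line):
    """Logging-only Basic helper: accept any non-empty user name."""
    user = unquote(request_line.split(" ", 1)[0]).strip()
    return "OK" if user else "ERR"

if __name__ == "__main__":
    # Run as the 'auth_param basic program' helper: one reply per request line.
    for line in sys.stdin:
        sys.stdout.write(helper_reply(line) + "\n")
        sys.stdout.flush()
```

A helper that accepts every login records user names but authenticates nobody, so it only belongs on Squid2, whose one and only client is DG.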