Kaya Saman wrote:
Many thanks for the response!!
From
http://www.squid-cache.org/Versions/v2/2.6/cfgman/cache_peer.html...
use 'login=PASS' if users must authenticate against the upstream
proxy or in the case of a reverse proxy configuration, the origin web
server. This will pass the users credentials as they are to the
peer. Note: To combine this with local authentication the Basic
authentication scheme must be used, and both servers must share the
same user database as HTTP only allows for a single login (one for
proxy, one for origin server). Also be warned this will expose your
users proxy password to the peer. USE WITH CAUTION
You mean use something like:
cache_peer parent.foo.net parent 3128 3130 proxy-only default proxy=PASS
???
Yes.
I took my config from here originally:
http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers
with this layout of syntax:
[code]
cache_peer ip.of.server1 parent 80 0 no-query originserver name=server_1
acl sites_server_1 dstdomain www.example.com example.com
cache_peer_access server_1 allow sites_server_1
cache_peer ip.of.server2 parent 80 0 no-query originserver name=server_2
acl sites_server_2 dstdomain www.example.net download.example.com
.example.net
cache_peer_access server_2 allow sites_server_2
[/code]
so for my setup I would need to do this I guess:
[code]
cache_peer ip.of.server1 parent 80 0 no-query proxy=PASS originserver
name=server_1
acl sites_server_1 dstdomain www.example.com example.com
cache_peer_access server_1 allow sites_server_1
[/config]
unless I misunderstood the whole deal???
You seem to understand quite well. :o)
And change that password everywhere it's used. :o) Basic
authentication just encodes the credentials using Base64, which is
reversible.
You mean change the password now that the encrypted string has been
opened up to the list??
Yes.
Kaya
Chris
