Mark Engels wrote:
Hello all,
Im hopeing this is the place to come when seeking some assistance with a squid proxy configuration issue thats giving myself a little grief, and i certainly hope nothing like this has been asked before.
The general idea of what im trying to accomplish is to have a end user enter their username and password credentials as they normaly would do, (there is quota enforcement and site blocking higher up that i have limited control over) and have it so that when a user say goes to www.educationalmaterial.com the local squid proxy users a pre defined username and password to access the material thus not charging the user quota download costs for accessing the material.
The proxy server was supplied to us from head office with pre configured rules to work as a local cache. I hope to leave all the existing rules in place. also all our internet service must filter through this 1 provided proxy, we cannot source external internet or alternet proxies..
A portion of the configuration file is as below.
#####
cache_peer proxy.site.com parent 8080 3130 no-query default login=PASS
auth_param digest children 5
auth_param digest realm Squid proxy-caching web server
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl block url_regex -i "d:/squid/var/logs/block.conf"
acl unblock url_regex -i "d:/squid/var/logs/unblock.conf"
acl nocache url_regex -i "d:/squid/var/logs/nocache.conf"
no_cache deny nocache
http_access deny block !unblock
http_access allow all
http_access deny all
http_reply_access allow all
#####
i thought it would be a simple thing to make the required changes and started to aproach with adding the following
#####
cache_peer proxy.site.com parent 8080 3130 no-query login="free user":pa$$word name=free
cache_peer_access free allow free_sites
cache_peer_access free deny all
acl free_sites url_regex -i "d:/squid/var/logs/freesites.conf"
#####
unfortunately this seemed to break the local cache and im not too sure where ive gone wrong. any help in this or even an alternate solution would be greatly apreciated.
You have the right idea. Thats how its done.
But whitespace is not permitted in the parameter.
What you have there is no password with username "free .
note: changed proxy name and user credentials for privacy reasons, and running squid 2.5 on local and upstream server.
Please see my sig... :)
Your HQ provider may need to be made aware that there is no longer any
official support for 2.5. The oldest fully supported version is now 2.7.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24
Current Beta Squid 3.1.0.16