Mark Engels wrote: > Hello all, > > Im hopeing this is the place to come when seeking some assistance with a squid proxy configuration issue thats giving myself a little grief, and i certainly hope nothing like this has been asked before. > > The general idea of what im trying to accomplish is to have a end user enter their username and password credentials as they normaly would do, (there is quota enforcement and site blocking higher up that i have limited control over) and have it so that when a user say goes to www.educationalmaterial.com the local squid proxy users a pre defined username and password to access the material thus not charging the user quota download costs for accessing the material. > > The proxy server was supplied to us from head office with pre configured rules to work as a local cache. I hope to leave all the existing rules in place. also all our internet service must filter through this 1 provided proxy, we cannot source external internet or alternet proxies.. > > A portion of the configuration file is as below. > > ##### > > cache_peer proxy.site.com parent 8080 3130 no-query default login=PASS > auth_param digest children 5 > auth_param digest realm Squid proxy-caching web server > auth_param digest nonce_garbage_interval 5 minutes > auth_param digest nonce_max_duration 30 minutes > auth_param digest nonce_max_count 50 > auth_param basic children 5 > auth_param basic realm Squid proxy-caching web server > auth_param basic credentialsttl 2 hours > auth_param basic casesensitive off > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 563 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 563 # https, snews > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > acl block url_regex -i "d:/squid/var/logs/block.conf" > acl unblock url_regex -i "d:/squid/var/logs/unblock.conf" > acl nocache url_regex -i "d:/squid/var/logs/nocache.conf" > no_cache deny nocache > http_access deny block !unblock > http_access allow all > http_access deny all > http_reply_access allow all > > > ##### > i thought it would be a simple thing to make the required changes and started to aproach with adding the following > ##### > > cache_peer proxy.site.com parent 8080 3130 no-query login="free user":pa$$word name=free > cache_peer_access free allow free_sites > cache_peer_access free deny all > acl free_sites url_regex -i "d:/squid/var/logs/freesites.conf" > > ##### > > unfortunately this seemed to break the local cache and im not too sure where ive gone wrong. any help in this or even an alternate solution would be greatly apreciated. > You have the right idea. Thats how its done. But whitespace is not permitted in the parameter. What you have there is no password with username "free . > note: changed proxy name and user credentials for privacy reasons, and running squid 2.5 on local and upstream server. > Please see my sig... :) Your HQ provider may need to be made aware that there is no longer any official support for 2.5. The oldest fully supported version is now 2.7. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24 Current Beta Squid 3.1.0.16 Thankyou for your help amos :) unfortunately i doubt HQ will even consider changing this system under the current management as it effects tens of thousands of users... education ;-) perhaps you might be able to help again, all of our users must have a space in their account name. it is mandatory in account creation. would there be a way arround this? (perhaps %20 like in html?) i hope the solution isnt in the 3.0 version of squid or that a work arround for 2.5 might be available?
