Re: One instance as both, proxy and reverse proxy

Thx again for the help, Henrik

> localhost is not in your list of sites/domains to forward to the
> SERVICES cache_peer...
> 
> but most do not want this.. they want localhost services to be
> restricted to browsers running on the same box, not random clients out
> anywhere on the net..
> 

That was mainly intended for test purposes, but meanwhile, I just edited
my /etc/hosts for testing, and my current setup seems to work nice
concerning this.

> You need to tell Squid that the peer is trusted for forwarding login
> credentials. See the login= option to cache_peer.
> 

That was exactly what was missing, and this works nice now, too.
But I'm still not finished yet :)

Now, I added a parent proxy and proxy-authentication to the forwarding
proxy configuration, and the new problem is, that when I use the
instance as proxy now, I'm prompted for authentication for every host I
visit/connect to.

It looks like the browser (Firefox) sees the proxy authentication as
basic HTTP authentication on every site.

Here are the important parts of my current configuration:

 http_port 80 accel

 cache_peer 127.0.0.1 parent 7070 0 no-query originserver login=PASS name=SERVICES
 acl FOO dstdomain www.example.net
 cache_peer_access SERVICES allow FOO
 cache_peer_access SERVICES deny all
 acl CONNECT method CONNECT
 never_direct allow FOO !CONNECT

 auth_param basic program /usr/lib/squid/db_auth --user user --password pass --plaintext --persist
 auth_param basic children 5
 auth_param basic realm Proxy-Auth
 auth_param basic credentialsttl 1 minute
 auth_param basic casesensitive off
 acl db-auth proxy_auth REQUIRED

 [...]

 http_access allow db-auth
 http_access allow localhost
 http_access deny all
 http_access deny purge
 http_access deny !Safe_ports
 http_access deny CONNECT !SSL_ports
 http_access allow localhost
 http_access deny all
 icp_access allow all

 cache_peer 127.0.0.1 parent 9090 0 no-query name=PROXY
 cache_peer_access PROXY allow db-auth

Any ideas why the authentication is regarded as basic HTTP by the browser?

--
Linkwerk - Software and Consulting for Networked Information
Phone:     +49 40 69 66 48 14
Web:       www.linkwerk.com

Linkwerk GmbH, Oberaltenallee 20a, 22081 Hamburg,
Commercial Register Hamburg, HRB 95084
Managing Director: Stefan Mintert
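One way to check the suspicion raised in the message above is to look at the challenge the client actually receives: a proxy challenge is status 407 with a Proxy-Authenticate header, while an origin-server challenge is status 401 with WWW-Authenticate, which browsers scope per site and so re-prompt for on every new host. The following is an added example, not part of the original post; the function name, result labels and sample responses are constructed, and only the realm is taken from the posted `auth_param` line.

```python
import re

PROXY_REALM = "Proxy-Auth"  # realm from the posted "auth_param basic realm" line

def classify_challenge(raw):
    """Classify the auth challenge in a raw HTTP response head (hypothetical helper)."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition("\r\n")
    parts = status_line.split(None, 2)
    if len(parts) < 2 or not parts[1].isdigit():
        return "malformed"
    status = int(parts[1])

    # Collect headers case-insensitively; a header may appear more than once.
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())

    def realms(header_name):
        return [m.group(1) for v in headers.get(header_name, [])
                for m in [re.search(r'realm="([^"]*)"', v)] if m]

    if status == 407 and "proxy-authenticate" in headers:
        return "proxy-auth"              # credentials are remembered for the proxy
    if status == 401 and "www-authenticate" in headers:
        if PROXY_REALM in realms("www-authenticate"):
            # The proxy's realm arrives as an origin challenge: the client
            # treats it as per-site HTTP auth, matching the reported symptom.
            return "origin-auth-with-proxy-realm"
        return "origin-auth"
    if status in (401, 407):
        return "challenge-missing-header"
    return "no-challenge"

# Constructed sample responses (not captured from the poster's system).
SAMPLE_407 = ('HTTP/1.1 407 Proxy Authentication Required\r\n'
              'Proxy-Authenticate: Basic realm="Proxy-Auth"\r\n\r\n')
SAMPLE_401_PROXY_REALM = ('HTTP/1.1 401 Unauthorized\r\n'
                          'www-authenticate: Basic realm="Proxy-Auth"\r\n\r\n')
SAMPLE_401_ORIGIN = ('HTTP/1.1 401 Unauthorized\r\n'
                     'WWW-Authenticate: Basic realm="Intranet"\r\n\r\n')
SAMPLE_407_BARE = 'HTTP/1.1 407 Proxy Authentication Required\r\n\r\n'

if __name__ == "__main__":
    for s in (SAMPLE_407, SAMPLE_401_PROXY_REALM, SAMPLE_401_ORIGIN, SAMPLE_407_BARE):
        print(classify_challenge(s))
```

Feed it the response head saved from a request sent through the instance configured as the browser's proxy.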
