Hello,
I'm having issues with the authentification. A request come from an other proxy
and squid manage the authentification over a databases and the caching.
The fake basic authentification and the databases authentification helper work
properly but I need to limit the retry to 3 and drop a forbidden in the following
case.
In the current configurations (see below.) we obtain a loop of prompt
authentification but never receive a 403 response. I have tried to use the
cache_peer_access statement with the cache_peer connect-fail-limit without success.
There is a misconfiguration ?
The connect-fail-limit is only on the connect state and in this case the ERR from
the helper will never be count as a fail for the cache_peer ?
Otherwise do you have any other solution ?
Thanks in advance for every clue that you can provide.
There is my conf (Squid 3.1.16):
cache_peer 127.0.0.1 parent 5200 0 no-query originserver connect-fail-limit=3
name=myPeer login=PASS
cache_peer_domain myPeer sub.myhostname.com
auth_param basic program /usr/share/squid/share/helper/auth_fake
auth_param basic realm "Authentification REALM"
external_acl_type ExternalAuth %SRC %LOGIN %>{Authorization} %>{Host} perl -wl
/usr/share/squid/share/helper/ExternalAuth.pl
acl auth_ext external ExternalAuth
acl auth_prox proxy_auth REQUIRED
cache_peer_access myPeer allow our_server auth_ext
cache_peer_access myPeer deny all
http_access deny !auth_ext
