Hi Sorry gmail sent before I could finish On 16 March 2015 at 09:24, Alex Samad <alex@xxxxxxxxxxxx> wrote: > Hi > > I have 2 squid boxes that exist in my 2 DC. > > They are on the same vlan/ ip network and i use dns round robin > > cache_peer <other> sibling 3128 3130 proxy-only > > in addition to this I added in > > > # ICP ALLOW > acl icp_allowed src 10.3.2.1/32 << the ip of the other squid box to allow icp > > > http_access allow icp_allowed << need to allow this so that squid -a > can request from squid-b with out authenticating (do I need todo this) > > icp_port 3130 > icp_access allow icp_allowed > icp_access deny all > > these are running squid-3.1.10-29.el6.x86_64 > > my new box (in the office) is running > squid-3.4.10-1.el6.x86_64 > > cache_peer squid-b parent 3128 0 weighted-round-robin weight=5 > cache_peer squid-a parent 3128 0 weighted-round-robin weight=2 > > I had to turn on ICP I kept seeing error of not allowed ! > > We have authenticated access to the proxy, usually via ntlm so all > requests are logged against a user. > > I do have some boxes that need unauthenticated access > > Config questions > 1) how to I get user authentication to flow through > if a user requests from squid-a and it takes it from squid-b. I > would like the user id's logged on both > if a user requests from new squid to either squid-a or squid-b. I > would like the auth (which would be done on new-squid) to flow through > to either squid-a or squid-b. 2) how do I setup ICP to work properly 3) is the cache_peer to squid-a squid-b from new-squid type parent ? 4) do I need to allow ICP clients full access, this is the squid-a to squid-b link ? _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
