HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (
-   Server Operation (
-   -   Squid cache peer / authentication (

maeday 16th February 2010 03:13

Squid cache peer / authentication
Hello all,

Im hopeing this is the place to come when seeking some assistance with a squid proxy configuration issue thats giving myself a little grief, if this is the wrong area of the forum i do apologise in advance.

The general idea of what im trying to accomplish is to have a end user enter their username and password credentials as they normaly would do, (there is quota enforcement and site blocking higher up that i have limited control over) and have it so that when a user say goes to the local squid proxy users a pre defined username and password to access the material thus not charging the user quota download costs for accessing the material.

The proxy server was supplied to us from head office with pre configured rules to work as a local cache. I hope to leave all the existing rules in place. also all our internet service must filter through this 1 provided proxy, we cannot source external internet or alternet proxies..

A portion of the configuration file is as below.


cache_peer parent 8080 3130 no-query default login=PASS

auth_param digest children 5
auth_param digest realm Squid proxy-caching web server
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl all src
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl SSL_ports port 443 563
acl Safe_ports port 80                # http
acl Safe_ports port 21                # ftp
acl Safe_ports port 443 563        # https, snews
acl Safe_ports port 70                # gopher
acl Safe_ports port 210                # wais
acl Safe_ports port 1025-65535        # unregistered ports
acl Safe_ports port 280                # http-mgmt
acl Safe_ports port 488                # gss-http
acl Safe_ports port 591                # filemaker
acl Safe_ports port 777                # multiling http

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

acl block url_regex -i "d:/squid/var/logs/block.conf"
acl unblock url_regex -i "d:/squid/var/logs/unblock.conf"
acl nocache url_regex -i "d:/squid/var/logs/nocache.conf"

no_cache deny nocache

http_access deny block !unblock
http_access allow all

http_access deny all

http_reply_access allow all

i thought it would be a simple thing to make the required changes and started to aproach with adding the following


cache_peer parent 8080 3130 no-query login="free user":pa$$word name=free
cache_peer_access free allow free_sites
cache_peer_access free deny all

acl free_sites url_regex -i "d:/squid/var/logs/freesites.conf"

unfortunately this seemed to break the local cache and im not too sure where ive gone wrong. any help in this or even an alternate solution would be greatly apreciated.

note: changed proxy name and user credentials for privacy reasons, and running squid 2.5 on local and upstream server.

All times are GMT +2. The time now is 01:30.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.