-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thx again for the help, Henrik
> localhost is not in your list of sites/domains to forward to the
> SERVICES cache_peer...
>
> but most do not want this.. they want localhost services to be
> restricted to browsers running on the same box, not random clients out
> anywhere on the net..
>
That was mainly intended for test purposes, but meanwhile, I just edited
my /etc/hosts for testing, and my current setup seems to work nice
concerning this.
> You need to tell Squid that the peer is trusted for forwarding login
> credentials. See the login= option to cache_peer.
>
That was exactly what was missing, and this works nice now, too.
But I'm still not finished yet :)
Now, I added a parent proxy and proxy-authentication to the forwarding
proxy configuration, and the new problem is, that when I use the
instance as proxy now, I'm prompted for authentication for every host I
visit/connect to.
It looks like the browser (Firefox) sees the proxy authentication as
basic HTTP authentication on every site.
Here are the importan parts of my current configuration:
http_port 80 accel
cache_peer 127.0.0.1 parent 7070 0 no-query originserver login=PASS
name=SERVICES
acl FOO dstdomain www.example.net
cache_peer_access SERVICES allow FOO
cache_peer_access SERVICES deny all
acl CONNECT method CONNECT
never_direct allow FOO !CONNECT
auth_param basic program /usr/lib/squid/db_auth --user user --password
pass --plaintext --persist
auth_param basic children 5
auth_param basic realm Proxy-Auth
auth_param basic credentialsttl 1 minute
auth_param basic casesensitive off
acl db-auth proxy_auth REQUIRED
[...]
http_access allow db-auth
http_access allow localhost
http_access deny all
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow all
cache_peer 127.0.0.1 parent 9090 0 no-query name=PROXY
cache_peer_access PROXY allow db-auth
Any ideas why the authentication is regarded as basic HTTP by the browser ?
- --
Linkwerk - Software und Beratung f�r vernetzte Information
Telefon: +49 40 69 66 48 14
Web: www.linkwerk.com
Linkwerk GmbH, Oberaltenallee 20a, 22081 Hamburg,
Handelsregister Hamburg, HRB 95084
Gesch�ftsf�hrer: Stefan Mintert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkuFRW8ACgkQSm4S1ty9BPVzDgCgqs7FgqBPaiUKd3TgTxSIPedp
WyoAoKiu/FZmNkJmyC/AatArqV98sgBg
=TmxF
-----END PGP SIGNATURE-----
Received on Wed Feb 24 2010 - 15:27:45 MST
This archive was generated by hypermail 2.2.0 : Fri Feb 26 2010 - 12:00:11 MST