[squid-users] help setting up hierarchy

Alex Samad alex at samad.com.au
Sun Mar 15 22:24:34 UTC 2015


I have 2 squid boxes that exist in my 2 DC.

They are on the same vlan/ ip network and i use dns round robin

cache_peer <other> sibling 3128 3130 proxy-only

in  addition to this I added in

acl icp_allowed src << the ip of the other squid box to allow icp

http_access allow icp_allowed << need to allow this so that squid -a
can request from squid-b with out authenticating (do I need todo this)

icp_port 3130
icp_access allow icp_allowed
icp_access deny all

these are running squid-3.1.10-29.el6.x86_64

my new box (in the office) is running

cache_peer squid-b parent 3128 0 weighted-round-robin weight=5
cache_peer squid-a parent 3128 0 weighted-round-robin weight=2

I had to turn on ICP I kept seeing error of not allowed !

We have authenticated access to the proxy, usually via ntlm so all
requests are logged against a user.

I do have some boxes that need unauthenticated access

Config questions
1) how to I get user authentication to flow through
  if a user requests from squid-a and it takes it from squid-b. I
would like the user id's logged on both
  if a user requests from new squid to either squid-a or squid-b. I
would like the auth (which would be done on new-squid) to flow through
to either squid-a or squid-b.

More information about the squid-users mailing list