[squid-users] help setting up hierarchy

Alex Samad alex at samad.com.au
Sun Mar 15 22:26:10 UTC 2015


Sorry gmail sent before I could finish

On 16 March 2015 at 09:24, Alex Samad <alex at samad.com.au> wrote:
> Hi
> I have 2 squid boxes that exist in my 2 DC.
> They are on the same vlan/ ip network and i use dns round robin
> cache_peer <other> sibling 3128 3130 proxy-only
> in  addition to this I added in
> acl icp_allowed src << the ip of the other squid box to allow icp
> http_access allow icp_allowed << need to allow this so that squid -a
> can request from squid-b with out authenticating (do I need todo this)
> icp_port 3130
> icp_access allow icp_allowed
> icp_access deny all
> these are running squid-3.1.10-29.el6.x86_64
> my new box (in the office) is running
> squid-3.4.10-1.el6.x86_64
> cache_peer squid-b parent 3128 0 weighted-round-robin weight=5
> cache_peer squid-a parent 3128 0 weighted-round-robin weight=2
> I had to turn on ICP I kept seeing error of not allowed !
> We have authenticated access to the proxy, usually via ntlm so all
> requests are logged against a user.
> I do have some boxes that need unauthenticated access
> Config questions
> 1) how to I get user authentication to flow through
>   if a user requests from squid-a and it takes it from squid-b. I
> would like the user id's logged on both
>   if a user requests from new squid to either squid-a or squid-b. I
> would like the auth (which would be done on new-squid) to flow through
> to either squid-a or squid-b.
2) how do I setup ICP to work properly
3) is the cache_peer to squid-a squid-b from new-squid type parent ?
4) do I need to allow ICP clients full access, this is the squid-a to
squid-b link ?

More information about the squid-users mailing list