I've looked at this before (during the v2.3/2.4 era) and now I'm convinced it's
possible, I just need to figure out the right way to do it...
Here's the situation:
* corporate network with only one way out, thru the firewall/parent cache
* Squid proxy must authenticate all requests with LDAP, log, [cache] and
fulfill the requests
* Squid proxy must forward the login/password info intact only for a certain
list of 40+ internal web servers which also require LDAP authentication
What I think I need:
* 'never_direct allow all' to force proxy to handle requests
* 'acl all proxy_auth REQUIRED' to force authentication on everything
* 'cache_peer firewall.my.net parent 80 7 default' for the non-ICP parent
cache/firewall
Now comes the confusing part...
* Do I need to specify each internal web server with a 'cache_peer ...
login=PASS' line individually?
* How do I tell Squid to use only that webserver (cache_peer) for that
destination? Does each webserver need it's own cache_peer_domain or
cache_peer_access line? ...And how?
TIA, ~eric
Received on Wed Jan 22 2003 - 13:53:45 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:47 MST