[squid-users] reverse proxy caching authenticated sites

Hello all,

What I am trying to do is have two reverse proxies to share data and
cache sites that need authentication as well. With your help previously
I completed the first task so the two proxies now share caches and I can
see the "SIBLING_HIT"s on the logs (that make me very happy).

What I did notice though is that the sites that required authentication
(apache simple authentication) do not get cached or something..
(TCP_MISS:FIRST_UP_PARENT) even though I just visited the site using the
1st cache and trying to see it with the 2nd cache (so I can get a
SIBLING_HIT)

Any help will be much appreciated :)

This is the config:

# NETWORK OPTIONS
#
-----------------------------------------------------------------------------
http_port 80 accel defaultsite=www.domain.com vhost
visible_hostname www.domain.com
unique_hostname cache1.domain.com
offline_mode off
icp_port 3130
request_body_max_size 1250 KB

# OPTIONS WHICH AFFECT THE CACHE SIZE
#
-----------------------------------------------------------------------------
cache_mem 1024 MB
maximum_object_size 8 MB
maximum_object_size_in_memory 256 KB

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#
-----------------------------------------------------------------------------
cache_dir aufs /var/cache/squid 61440 16 256
emulate_httpd_log on
logfile_rotate 100
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st
"%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
debug_options ALL,1,33,3,20,3

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
#
-----------------------------------------------------------------------------
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# OPTIONS FOR TUNING THE CACHE
#
-----------------------------------------------------------------------------
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.css 1440 50% 2880 override-expire
refresh_pattern -i \.swf 1440 50% 2880 ignore-reload
override-expire
refresh_pattern . 1440 50% 4320 override-expire

# ACCESS CONTROLS
#
-----------------------------------------------------------------------------

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl purge method PURGE
acl CONNECT method CONNECT
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# reverce-proxy configuration
#
-----------------------------------------------------------------------------

cache_peer 10.1.87.218 sibling 80 3130 proxy-only no-digest
no-netdb-exchange

cache_peer 10.1.87.100 parent 80 0 no-query no-netdb-exchange
originserver no-digest name=istos_srv login=PASS
acl sites_www dstdomain www.domain.com
acl sites_www dstdomain domain.com
acl sites_www dstdomain test.domain.com
acl from_cache2 src 10.1.87.218
http_access allow sites_www
cache_peer_access istos_srv allow sites_www
cache_peer_access istos_srv deny from_cache2
cache_peer_access istos_srv deny all

cache_peer 10.1.87.208 parent 80 0 no-query originserver no-digest
name=helios login=PASS
acl sites_helios dstdomain helios.domain.com
http_access allow sites_helios
cache_peer_access helios allow sites_helios
cache_peer_access helios deny from_cache2
cache_peer_access helios deny all

# forward-proxy security restrictions
#
-----------------------------------------------------------------------------

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all

http_reply_access allow all
acl cache2 src 10.1.87.218
icp_access allow cache2
icp_access deny all

# ADMINISTRATIVE PARAMETERS
#
-----------------------------------------------------------------------------

shutdown_lifetime 6 second
httpd_suppress_version_string on
cache_mgr cachemgr_at_domain.com

# ICP OPTIONS
#
-----------------------------------------------------------------------------

log_icp_queries on

# MISCELLANEOUS
#
-----------------------------------------------------------------------------

memory_pools_limit 1024 MB

# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
#
-----------------------------------------------------------------------------

coredump_dir /var/spool/squid

-----------------------------------------------------------------------------

Kind regards,

Nik

-- 
Nikolaos Pavlidis BSc (Hons) MBCS NCLP CEH CHFI
Systems Administrator
University Of Bedfordshire
Park Square LU1 3JU
Luton, Beds, UK
Tel: +441582489277 (Ext 2277)