Hi, That will work, now that you have removed the proxy-only statement.
Thanks Doron -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 25 November 2003 01:08 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [squid-users] Can Microsoft Proxy be the Parent http server on port 80 - Additional notes Doron / Henrik / List, Just to verify - I want Squid to 'suck' its cache objects out of the upstream Microsoft proxy server for storage or serving to the Web browser clients. I dont neccessarily want to pass the client on to the MS Proxy Server - however if that is possibhle then I would like to try/know how that is possible. Any sign that Squid can do the proxy job will help me leverage this product into my company. I am guessing I will need to find out what the firewall port and IP are though - has anyone done this before (using an MS Proxy as the upstream server). I have changed my cache_peer line to: cache_peer msproxy.goodyear.co.za parent 80 0 default no-query login=neib091:101dalmations connect-timeout=15 But when I try and open say: http://www.google.com/ in my Internet Explorer web browser (which points to squid.goodyear.co.za:8080) the browser hangs with a slow progress bar for about 5 to 10 minutes before timing out. Viva Linux ;) Jonathan Hughes Tech Support Specialist Goodyear South Africa P +27 41 9946 247 F +27 41 9946 243 E [EMAIL PROTECTED] H A M O X A N : I E L : : "Doron Shmaryahu" To: <[EMAIL PROTECTED]> <[EMAIL PROTECTED] cc: > Subject: RE: [squid-users] Can Microsoft Proxy be the Parent http server on port 80 - Attached sample of my code 2003/11/25 07:57 AM Hi, You may want to set the icp port to 0 as ms proxy wont listen for it. The icp_port you have set is for squid itself to listen on, where you have your statement: cache_peer zaproxy.goodyear.co.za parent 80 3130 proxy-only login=MyNT_Logon_ID:MyNT_Logon_Pass connect-timeout=15 Change to cache_peer zaproxy.goodyear.co.za parent 80 0 proxy-only login=MyNT_Logon_ID:MyNT_Logon_Pass connect-timeout=15 Also must the upstream proxy be the default parent ? Do you want to forward all requests to the upstream proxy, otherwise the way you have it now, if squid queries the upstream proxy it wont get a answer, and will bypass the parent. Use cache_peer zaproxy.goodyear.co.za parent 80 0 default login=MyNT_Logon_ID:MyNT_Logon_Pass connect-timeout=15 By using the proxy-only statement your squid machine will not cache anything !! Doron -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 25 November 2003 11:34 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [squid-users] Can Microsoft Proxy be the Parent http server on port 80 - Attached sample of my code Doron, No problem, here is a sample of my settings in my squid.conf file: ---------------------- START CODE SNIPPET ---------------------- http_port 3128 8080 icp_port 0 ##disabled - dont think MS Proxy supports this ??? cache_peer zaproxy.goodyear.co.za parent 80 3130 proxy-only login=MyNT_Logon_ID:MyNT_Logon_Pass connect-timeout=15 acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY hierarchy_stoplist cgi-bin ? cache_dir ufs /var/spool/squid 100 16 256 ftp_user [EMAIL PROTECTED] auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports acl mynetworks src 160.122.0.0/255.255.0.0 http_access allow mynetworks icp_access allow mynetworks http_access allow localhost http_access deny all http_reply_access allow all icp_access allow all cache_mgr root cache_effective_user squid cache_effective_group squid ... etc ... ---------------------- END CODE SNIPPET ---------------------- I think that covers all the primary settings. I have changed only the proxy parent 'upstream', have added custom acl as seen above and have added port 8080 as an additional port Squid will serve its cache to clients on. My aceess control seems fine as I do not get the denied message I used to get. If I logon to windows NT with a username and password that is approved for internet access then the existing MS proxy allows seamless web browsing - otherwise the user needs to enter this authentication information to browse the web (so users who do not have approved access cannot browse the web). Any help appreciated, thanks, Jonathan Hughes Tech Support Specialist Goodyear South Africa "Doron Shmaryahu" To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> <[EMAIL PROTECTED] cc: > Subject: RE: [squid-users] Can Microsoft Proxy be the Parent http server on port 80 2003/11/25 06:37 AM Hi, When you say you are having trouble what exacly does it not do. Also could you post you portion of your squid.conf file. Thanks -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 25 November 2003 10:07 AM To: [EMAIL PROTECTED] Subject: Re: [squid-users] Can Microsoft Proxy be the Parent http server on port 80 Hi List, I need to install Squid server with the intention of using it to replace Microsoft Proxy Server and ISA Proxy Server. I have the basic daemon squid.conf and access control lists working (or so it appears - squid -k parse generates no errors). However I am having trouble configuring the parent or root Proxy server as my squid install's parent. If I can prove Squid works by placing it downstream from the existing proxy server on our LAN and using the existing MS proxy as the Web content supplier to the Squid cache (The MS proxy server is called 'upstream server') then we maymigrate to Squid for our entire org. I am running: Squid2.5 Stable1 Server OS: Red Hat Linux 9.0 MS Parent Proxy: msproxy.goodyear.co.za Squid Server: cache.goodyear.co.za Any suggestions, or simple pointers will be appreciated. I have refrence material and full printouts of config files etc. Thanks in advance and keep well, Jonathan Hughes Tech Support Specialist Goodyear South Africa P +27 41 9946 247 F +27 41 9946 243 E [EMAIL PROTECTED] H A M O X A N : I E L : : |--------------------------------------------------------------------------| |The information in this e-mail contains confidential and / or |proprietary | |information and is intended solely for the addressee. Access to this | |e-mail by anyone else is unauthorised and may not be copied or | |disseminated without the express consent of The Goodyear Tire & Rubber | |Company or one of its subsidiaries. If you are not the intended |recipient, | |any disclosure, copying, distribution or any action taken or omitted in | |reliance on this, is prohibited and may be unlawful. Whilst all reasonable| |steps are taken to ensure the accuracy and integrity of information and | |data transmitted electronically and to preserve the confidentiality | |thereof, no liability or responsibility whatsoever is accepted if | |information or data is, for whatever reason, corrupted or does not |reach | |its intended destination. | |--------------------------------------------------------------------------|
