Volker Jahns wrote:
Hi all.

I don't know which headline is the best one, so sorry for probably a bad
one.

What is the problem?

I want to work with two (or more) squid proxies called P1 and P2 (perhaps two
or three P2 kind servers). But first it should work with simply one P2
server.

P1: The task for P1 is authorization in our HQ for all users. Even for the
users in the branches.

P2: The task for P2 is caching only at the internet interface somewhere in
the network after P1 accepts the authorization in the HQ also for the users
in the branches and moves the request direct to the requesting client.

Every branch is at least one network plus the HQ network. For reducing the
traffic in the whole network I want P2 to send the requested pages from
the internet or its own cache to the branch and not via P1 in the HQ. The
background: no senseless traffic at the HQ gateway.

A short data flow the usual way:

Branch client x --> authorization HQ (P1) --> forward request --> internet
gateway (P2) --> get request internet or cache (P2) --> deliver page --> P1
--> deliver page client x Branch

A short data flow example how it should work:

Branch client x --> authorization HQ (P1) --> forward request --> internet
gateway (P2) --> get request internet or cache (P2) --> deliver page -->
client x Branch

The difference seems to be small but it is important.

First question, in general: does it work?

So, for example, your P1 proxy has an IP address of 10.0.0.5 and your P2 proxy has an IP address of 10.10.10.5. Your client (10.20.20.200) makes a request for a web object from 10.0.0.5 and (since it has already made a request and "knows" that authentication is required) sends its authentication credentials. 10.0.0.5 sends the request to 10.10.10.5. There is no way for 10.10.10.5 to send a reply to 10.20.20.200, as there is no TCP connection to send the reply on.

Second question if it works: how do I configure this?

Your best bet would be to just send your clients to the P2 server, and let it pull the authentication from the source currently being used by the P1 server.

Until now I have P1 configured as sibling with a second cache (P2) as
parent, acting as origin server with no via and no http11.

Wait, what? You have a forward proxy going to a reverse proxy, which is accelerating the entire internet, while stripping the Via header?

The authorization on P1 works and P2 tries to get the requested page. But in fact
on the way from P1 to P2 the URI header information (simply a "/" was left) is
lost and in the end it is not working yet.

I imagine it's not...

Hope someone could help.
Volker

Chris
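
The suggestion above (clients talk to P2 directly and P2 authenticates them itself), sketched as a squid.conf fragment. This is an added example, not configuration from either poster: the helper command, realm text and subnets are placeholders or assumptions, and only the addresses 10.10.10.5 and 10.20.20.200 come from the thread.

```conf
# squid.conf on P2 (10.10.10.5 in the thread): added example.
# Clients are pointed at P2 directly, so the reply returns on the same
# TCP connection the client opened and never crosses the HQ gateway.

http_port 3128

# Use the same credential source P1 authenticates against today.
# PLACEHOLDER: copy the helper path and arguments from P1's auth_param line.
auth_param basic program /path/to/auth-helper <arguments-used-on-P1>
auth_param basic children 5
auth_param basic realm Internet proxy
auth_param basic credentialsttl 2 hours

# ASSUMPTION: example subnets. 10.20.20.0/24 contains the thread's branch
# client 10.20.20.200; 10.0.0.0/24 stands in for the HQ LAN.
acl internal src 10.20.20.0/24 10.0.0.0/24
acl authenticated proxy_auth REQUIRED

# P2 sits at the internet interface: reject anything that is not from an
# internal network before prompting for credentials, then require a login.
http_access deny !internal
http_access allow authenticated
http_access deny all

# P1 is no longer in the request path, so no cache_peer line (and no
# originserver option) linking the two proxies is needed.
```

Running `squid -k parse` after editing checks the file for syntax errors before the proxy is reloaded.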
