Here is the up­dat­ed ver­sion of my pre­vi­ous au­then­ti­cat­ing/for­ward­ing Squid 3 con­fig. It adds some things and fix­es some things. In par­tic­u­lar, the peer ex­clu­sion rules from the pre­vi­ous con­fig were not work­ing – this one should cor­rect­ly not use the par­ent prox­ies when query­ing “lo­cal ad­dress­es”. As be­fore, the con­fig­u­ra­tion file con­tains two proxy servers for load bal­anc­ing; it can be ex­tend­ed easi­ly to in­clude more. Here it is for your en­joy­ment:

cache_ef­fec­tive_user proxy
cache_ef­fec­tive_group proxy

http_port 3128
http_ac­cess al­low all

acl lo­cal_ips dst 127.0.0.0/8 192.168.0.0/24 10.10.0.0/16
acl lo­cal_servers dst­do­main lo­cal­host my.lo­cal.do­main
nev­er_di­rect al­low all
al­ways_di­rect al­low lo­cal_ips
al­ways_di­rect al­low lo­cal_servers

acl http-on­ly port 80
cache_peer first­Proxy.site.com par­ent 3128 3190 no-query proxy-on­ly login=User­name:Pass­word name=prx1
cache_peer sec­ond­Proxy.site.com par­ent 3128 3190 no-query proxy-on­ly login=User­name:Pass­word de­fault name=prx2

# This makes on­ly HTTP load bal­anced
cache_peer_ac­cess prx1 deny all
cache_peer_ac­cess prx1 al­low http-on­ly
cache_peer_ac­cess prx2 al­low all

# Re­in­force­ment of di­rect rules
cache_peer_ac­cess prx1 deny lo­cal_ips
cache_peer_ac­cess prx1 deny lo­cal_servers
cache_peer_ac­cess prx2 deny lo­cal_ips
cache_peer_ac­cess prx2 deny lo­cal_servers

# Some time­outs
con­nect_time­out 8 sec­onds
peer_con­nect_time­out 3 sec­onds

hier­ar­chy_sto­plist cgi-bin ?

cache_mem 64 MB
max­i­mum_ob­ject_size_in_mem­o­ry 64 KB

cache_re­place­ment_pol­i­cy heap GDSF
cache_dir aufs /var/spool/squid3 6000 16 256  # Make sure to check this path
max­i­mum_ob­ject_size 16384 KB

ac­cess_log /var/log/squid3/ac­cess.log squid  # Make sure to check this path

shut­down_life­time 3 sec­onds

de­bug_op­tions ALL,1