On Thu, 2005-11-24 at 10:22 -0200, Augusto Hagiro Pascutti - TBON3 wrote: > Bom Dia,
'dia! Obrigado por responder! Eu não assino mais a D-U-P, portanto agradeço se vocês responderem Cc para mim :-) > A questão da transparência e de setar o proxy no navegador é a mesma > coisa; você precisa redirecionar a porta 80 para a porta que você > configurou no squid através de IPtables; se eu não me engano, fica > algo assim: Ah sim, eu ja fiz isso! O problema é que a autenticação não funciona quando você tem um proxy transparente... é uma coisa OU outra :-( Andei pesquisando sobre isso e achei uns links que talvez interesses a vocês, porém, minha interpretação não foi muito boa... gostaria que vocês interpretassem isso: ======================================================================= Authentication in accelerator mode [1] Authentication is by default disabled in acceleartor mode in Squid-2.X due to conflicts with transparent interception. To enable this feature, at the top of acl.c add the following line: #define AUTH_ON_ACCELERATION 1 Then "make install". This feature is somewhat hidden because * It hasn't been fully thought over yet. There are issues in caching when combined with authentication, and more so when there is also authentication to the backend servers.. * It easilly collides with transparent proxying, and many people simply refuses to read warnings that a feature cannot be used in a transparent proxy and try so anyhow. The whole concept of "acceleration" in Squid is currently being reworked for the Squid-3.0 release to fix this and a number of other issues. ======================================================================= Lembrando que ativamos o proxy transparente com essas linhas: httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on E tenho umas linhas nos logs assim: aclAuthenticated: authentication not applicable on accelerated requests. Lendo o ReleaseNotes[2] do Squid 3.0 Beta, achei isso: ======================================================================= Cleanup of the relation between accelerated request and transparently intercepted request. The two are now handled separately from each other. This fixes two issues: * Transparently intercepted requests is no longer under the restrictions of accelerated requests in peering relations etc.. * No risk of confusion in authentication. Authentication is now allowed for accelerated requests but not transparently intercepted requests. * Accelerator mode cleaned up, using the design from the rproxy development branch * The httpd_accel_* directives is now gone, replaced by http(s)_port options and cache_peer based request forwarding. * The http(s)_port options has a list of new options for controlling the type and mode of port created with respect to * transparent proxying * plain acceleration * host header based acceleration * normal proxying (default) * To enforce a reasonable level of security in accelerators, accelerated requests are denied to go direct unless forced by always_direct. ======================================================================= Bom, pelo o que eu entendi... não vale a pena compilar esse beta doido (que não tem no ports ainda) porque vai continuar não funcionando... será que é isso mesmo? :^) [1] http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.6 [2] http://www.squid-cache.org/Versions/v3/3.0/squid-3.0-PRE3-20051030-RELEASENOTES.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]