On Fri, 2005-11-18 at 06:20 -0300, Celso Viana wrote:

> Até onde eu sei não é possível autenticação com proxy
> transparente...... ou já é possível isso?


andei pesquisando sobre isso e achei uns links que talvez interesses a
vocês, porém, minha interpretação não foi muito boa... gostaria que
vocês interpretassem isso:

Authentication in accelerator mode [1]

Authentication is by default disabled in acceleartor mode in Squid-2.X
due to conflicts with transparent interception. To enable this feature,
at the top of acl.c add the following line:


Then "make install".

This feature is somewhat hidden because

      * It hasn't been fully thought over yet. There are issues in
        caching when combined with authentication, and more so when
        there is also authentication to the backend servers..
      * It easilly collides with transparent proxying, and many people
        simply refuses to read warnings that a feature cannot be used in
        a transparent proxy and try so anyhow.

The whole concept of "acceleration" in Squid is currently being reworked
for the Squid-3.0 release to fix this and a number of other issues.


Lembrando que ativamos o proxy transparente com essas linhas:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

E tenho umas linhas nos logs assim:
aclAuthenticated: authentication not applicable on accelerated requests.

Lendo o ReleaseNotes[2] do Squid 3.0 Beta, achei isso:


Cleanup of the relation between accelerated request and transparently
intercepted request. The two are now handled separately from each other.
This fixes two issues: 
      * Transparently intercepted requests is no longer under the
        restrictions of accelerated requests in peering relations etc..
      * No risk of confusion in authentication. Authentication is now
        allowed for accelerated requests but not transparently
        intercepted requests.

* Accelerator mode cleaned up, using the design from the rproxy
development branch 
      * The httpd_accel_* directives is now gone, replaced by
        http(s)_port options and cache_peer based request forwarding.
      * The http(s)_port options has a list of new options for
        controlling the type and mode of port created with respect to 
              * transparent proxying
              * plain acceleration
              * host header based acceleration
              * normal proxying (default)
      * To enforce a reasonable level of security in accelerators,
        accelerated requests are denied to go direct unless forced by

Bom, pelo o que eu entendi... não vale a pena compilar esse beta doido
(que não tem no ports ainda) porque vai continuar não funcionando...
será que é isso mesmo? :^)

[1] http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.6


Tiago Cruz
Linux User #282636

"The box said: Requires MS Windows or better, so I installed Linux"

Freebsd mailing list

Responder a