On Fri, 2005-11-18 at 06:20 -0300, Celso Viana wrote:

> As far as I know, authentication is not possible with a transparent
> proxy...... or is that possible now?

Folks,

I've been researching this and found some links that may interest
you; however, my interpretation wasn't very good... I'd like you
to interpret this:

=======================================================================
Authentication in accelerator mode [1]

Authentication is by default disabled in accelerator mode in Squid-2.X
due to conflicts with transparent interception. To enable this feature,
at the top of acl.c add the following line:

#define AUTH_ON_ACCELERATION 1

Then "make install".

This feature is somewhat hidden because

      * It hasn't been fully thought over yet. There are issues in
        caching when combined with authentication, and more so when
        there is also authentication to the backend servers.
      * It easily collides with transparent proxying, and many people
        simply refuse to read warnings that a feature cannot be used in
        a transparent proxy and try so anyhow.

The whole concept of "acceleration" in Squid is currently being reworked
for the Squid-3.0 release to fix this and a number of other issues.

=======================================================================

Keep in mind that we enable the transparent proxy with these lines:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

And I have some lines in the logs like this:
aclAuthenticated: authentication not applicable on accelerated requests.

Reading the ReleaseNotes [2] of the Squid 3.0 Beta, I found this:

=======================================================================

Cleanup of the relation between accelerated request and transparently
intercepted request. The two are now handled separately from each other.
This fixes two issues: 
      * Transparently intercepted requests are no longer under the
        restrictions of accelerated requests in peering relations etc.
      * No risk of confusion in authentication. Authentication is now
        allowed for accelerated requests but not transparently
        intercepted requests.

* Accelerator mode cleaned up, using the design from the rproxy
development branch 
      * The httpd_accel_* directives are now gone, replaced by
        http(s)_port options and cache_peer based request forwarding.
      * The http(s)_port options have a list of new options for
        controlling the type and mode of port created with respect to 
              * transparent proxying
              * plain acceleration
              * host header based acceleration
              * normal proxying (default)
      * To enforce a reasonable level of security in accelerators,
        accelerated requests are denied to go direct unless forced by
        always_direct.
=======================================================================

Well, from what I understood... it's not worth compiling this crazy beta
(which isn't in ports yet) because it will still not work...
is that really the case? :^)


[1] http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.6
[2] http://www.squid-cache.org/Versions/v3/3.0/squid-3.0-PRE3-20051030-RELEASENOTES.html

Regards

-- 
Tiago Cruz
http://linuxrapido.org
Linux User #282636

"The box said: Requires MS Windows or better, so I installed Linux"


_______________________________________________
Freebsd mailing list
Freebsd@fug.com.br
http://mail.fug.com.br/mailman/listinfo/freebsd_fug.com.br
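
Added example (not part of the original message, and not Squid project code): a small squid.conf check for the situation discussed in this thread, a proxy_auth ACL configured next to interception settings where Squid will not apply it. The sample configs and the names parse, lint and INTERCEPT_OPTS are constructed for illustration; "transparent" is the Squid 3.0 http_port option name, which the quoted release notes do not spell out.

```python
# Added example: lint a squid.conf for proxy_auth ACLs next to interception.
# Sample configs are constructed; the second uses the Squid 3.0 "transparent"
# http_port option (renamed "intercept" in later releases).
SQUID2_CONF = """\
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl users proxy_auth REQUIRED
http_access allow users
"""
SQUID3_CONF = """\
http_port 3128
http_port 3129 transparent   # intercepted traffic is redirected here
acl users proxy_auth REQUIRED
http_access allow users
"""
INTERCEPT_OPTS = {"transparent", "intercept"}

def parse(conf):
    """Return (directive, args) pairs, skipping blank lines and # comments."""
    rules = []
    for line in conf.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            rules.append((tokens[0], tokens[1:]))
    return rules

def lint(conf):
    """Return (kind, detail) findings where proxy_auth cannot take effect."""
    rules = parse(conf)
    auth_acls = sorted(a[0] for d, a in rules
                       if d == "acl" and len(a) > 1 and a[1].startswith("proxy_auth"))
    if not auth_acls:
        return []
    findings = []
    # Squid 2.x: the httpd_accel_* lines from the message put requests in
    # accelerator mode, where aclAuthenticated skips authentication.
    if any(d == "httpd_accel_host" for d, _ in rules):
        findings.append(("squid2-accel", ",".join(auth_acls)))
    # Squid 3.0: interception is a per-port option; auth is refused there only.
    for d, a in rules:
        if d in ("http_port", "https_port") and INTERCEPT_OPTS & set(a[1:]):
            findings.append(("squid3-intercept-port", a[0]))
    return findings

if __name__ == "__main__":
    for name, conf in (("squid2", SQUID2_CONF), ("squid3", SQUID3_CONF)):
        print(name, lint(conf))
```

A finding on a Squid 3.0 config means only the listed port skips authentication; clients that use the ordinary forward-proxy port can still be challenged.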
