On Fri, 2005-11-18 at 06:20 -0300, Celso Viana wrote: > Até onde eu sei não é possível autenticação com proxy > transparente...... ou já é possível isso?
Pessoal, andei pesquisando sobre isso e achei uns links que talvez interesses a vocês, porém, minha interpretação não foi muito boa... gostaria que vocês interpretassem isso: ======================================================================= Authentication in accelerator mode [1] Authentication is by default disabled in acceleartor mode in Squid-2.X due to conflicts with transparent interception. To enable this feature, at the top of acl.c add the following line: #define AUTH_ON_ACCELERATION 1 Then "make install". This feature is somewhat hidden because * It hasn't been fully thought over yet. There are issues in caching when combined with authentication, and more so when there is also authentication to the backend servers.. * It easilly collides with transparent proxying, and many people simply refuses to read warnings that a feature cannot be used in a transparent proxy and try so anyhow. The whole concept of "acceleration" in Squid is currently being reworked for the Squid-3.0 release to fix this and a number of other issues. ======================================================================= Lembrando que ativamos o proxy transparente com essas linhas: httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on E tenho umas linhas nos logs assim: aclAuthenticated: authentication not applicable on accelerated requests. Lendo o ReleaseNotes[2] do Squid 3.0 Beta, achei isso: ======================================================================= Cleanup of the relation between accelerated request and transparently intercepted request. The two are now handled separately from each other. This fixes two issues: * Transparently intercepted requests is no longer under the restrictions of accelerated requests in peering relations etc.. * No risk of confusion in authentication. Authentication is now allowed for accelerated requests but not transparently intercepted requests. * Accelerator mode cleaned up, using the design from the rproxy development branch * The httpd_accel_* directives is now gone, replaced by http(s)_port options and cache_peer based request forwarding. * The http(s)_port options has a list of new options for controlling the type and mode of port created with respect to * transparent proxying * plain acceleration * host header based acceleration * normal proxying (default) * To enforce a reasonable level of security in accelerators, accelerated requests are denied to go direct unless forced by always_direct. ======================================================================= Bom, pelo o que eu entendi... não vale a pena compilar esse beta doido (que não tem no ports ainda) porque vai continuar não funcionando... será que é isso mesmo? :^) [1] http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.6 [2] http://www.squid-cache.org/Versions/v3/3.0/squid-3.0-PRE3-20051030-RELEASENOTES.html Abraços -- Tiago Cruz http://linuxrapido.org Linux User #282636 "The box said: Requires MS Windows or better, so I installed Linux" _______________________________________________ Freebsd mailing list Freebsd@fug.com.br http://mail.fug.com.br/mailman/listinfo/freebsd_fug.com.br