[squid-users] Re: Transparent Proxy with Autentication?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 11 Oct 2005 21:33:22 +0200 (CEST)

On Tue, 11 Oct 2005, Luis Frazão wrote:

> Hi, I’ve been using Squid for a short period of time.
>
> I’m trying to run a transparent proxy with authentication.

This is not possible, period.

HTTP authentication is possible in an accelerator, but is impossible in a
transparent proxy. HTTP explicitly does not allow authentication in
transparently intercepting proxies and for very good security reasons.

> I’ve read in the Documentation of squid that it isn’t possible to do that
> because of some conflicts, but they also say that, the new version 3.0 will
> be operational at this level. Meanwhile the latest version has some
> bug-fixes…
>
> They are:
>
> This fixes two issues:
>
> * Transparently intercepted requests are no longer under the
> restrictions of accelerated requests in peering relations etc.
> * No risk of confusion in authentication. Authentication is now
> allowed for accelerated requests but not transparently intercepted requests.
>
> (Henrik Nordström)
>
> * Accelerator mode cleaned up, using the design from the rproxy
> development branch
>
> The httpd_accel_* directives are now gone, replaced by http(s)_port options
> and cache_peer based request forwarding.
>
> The http(s)_port options have a list of new options for controlling the type
> and mode of port created with respect to
>
> * transparent proxying
> * plain acceleration
> * host header based acceleration
> * normal proxying (default)
>
> * To enforce a reasonable level of security in accelerators,
> accelerated requests are denied to go direct unless forced by always_direct.
>
> (Henrik Nordström)
>
> Does this mean that this unstable version already works with a transparent
> and authenticated proxy?

No, not at all. Only that authentication is now available for accelerator
setups without having to resort to undocumented defines.

> I’ve tried to run the newest version, but the old commands such as
> httpd_port….. no longer exist. Can you help me?

There are preliminary Squid-3 release notes documenting the major changes
in configuration. Not yet complete, but better than nothing.

Regards
Henrik
Received on Tue Oct 11 2005 - 13:33:25 MDT
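
Added example (not part of the original message or of the Squid documentation): one way to serve both kinds of client from one Squid 3.0-style configuration is to require authentication only on an explicitly configured proxy port and leave the intercepted port unauthenticated. The port numbers, the subnet, the helper path and the password file are assumptions.

```squidconf
# Added example, not from the original thread. Squid 3.0-style syntax.
# Ports, subnet, helper path and password file are assumed values.

# Explicit proxy port: browsers are configured to use it, so they know
# they talk to a proxy and will answer a 407 challenge.
http_port 3128

# Interception port: traffic arrives here via a firewall redirect.
# Clients believe they talk to the origin server, so proxy
# authentication cannot be requested on this port.
http_port 3129 transparent

# Basic authentication helper (assumed path and password file).
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy

acl localnet src 192.168.0.0/24
acl explicit_port myport 3128
acl intercept_port myport 3129
acl authenticated proxy_auth REQUIRED

# Intercepted requests: decide on source address only, then stop, so
# they never reach a rule that needs credentials.
http_access allow intercept_port localnet
http_access deny intercept_port

# Explicit proxy requests: require a valid login.
http_access allow explicit_port localnet authenticated
http_access deny all
```

The order of the `http_access` lines matters: the `deny intercept_port` rule keeps intercepted requests from ever being evaluated against the `proxy_auth` ACL.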
