On Tue, 11 Oct 2005, [iso-8859-1] Luis Frazão wrote:
Hi, I’ve been using the Squid for a short period of time.
I’m trying to run a transparent proxy with authentication.
This is not possible, period.
HTTP authentication is possible in an accelerator, but is impossible in an
transparent proxy. HTTP explicitly does not allow authentication in
transparently intercepting proxies and for very good security reasons.
I’ve read in the Documentation of squid that isn’t possible to do that
because of some conflicts, but they also say that, the new version 3.0 will
be operational at this level. Meanwhile the latest version has some
bug-fixes…
They are:
This fixes two issues:
* Transparently intercepted requests is no longer under the
restrictions of accelerated requests in peering relations etc..
* No risk of confusion in authentication. Authentication is now
allowed for accelerated requests but not transparently intercepted requests.
(Henrik Nordström)
* Accelerator mode cleaned up, using the design from the rproxy
development branch
The httpd_accel_* directives is now gone, replaced by http(s)_port options
and cache_peer based request forwarding.
The http(s)_port options has a list of new options for controlling the type
and mode of port created with respect to
* transparent proxying
* plain acceleration
* host header based acceleration
* normal proxying (default)
* To enforce a reasonable level of security in accelerators,
accelerated requests are denied to go direct unless forced by always_direct.
(Henrik Nordström)
Does this means that this unstable version already works with a transparent
and authenticated proxy?
No, not at all. Only that authentication is now available for accelerator
setups without having to resort to undocumented defines.
I’ve try to run the newest version, but the old commands such as
httpd_port….. no longer exists. Can you help me?
There is preleminary Squid-3 release notes documenting the major changes
in configuration. Not yet complete, but better than nothing.
Regards
Henrik
