On 12/14/2011 10:46 PM, Amos Jeffries wrote:
On 15/12/2011 3:29 p.m., Elvar wrote:
Hello,
I'm running Squid & Dansguardian in several environments and the
environment using transparent proxy mode is suffering from a severe
delay in loading a page. Once the page starts to load it is quick but
the initial load is severely delayed. When I switched from
transparent to NTLM auth, surprisingly the delay is completely gone.
I'd think it would be the other way around honestly. I'm not sure how
to resolve this but any suggestions would be greatly appreciated.
"transparent" is a confusing word. Particularly more so since you say
you changed from "transparent proxy" to one of the forms of
"transparent authentication".
To clarify what you were meaning:
Was your "transarent proxy" setup using?
NAT intercept?
TPROXY intercept?
WPAD?
Basic auth SSO?
Digest auth SSO?
Negotiate/Kerberos auth SSO?
OAuth?
or an external ACL helper doing out-of-band auth tests?
Amos
By transparent, I mean I'm using iptables to redirect outbound HTTP
through Dansguardian. My iptables rule is below
'#$IPT -t nat -A PREROUTING -i $LAN_IF -p tcp -s $LAN --dport 80 -j
REDIRECT --to-port 8080'
When I'm using this there seems to be more of a delay loading sites vs.
configuring web browsers to connect to the proxy directly and
authenticate using NTLM & winbind. When I use the iptables redirect rule
I have authentication off. In general, what are some things I should
check as to why / what may be causing the sites to load slow?
Thanks!
