Re: [squid-users] transparent proxying in squid 2.6-Stable1

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Mon, 03 Jul 2006 23:21:01 +0200

mån 2006-07-03 klockan 13:06 +0700 skrev RdBSD:

> before i have squid 2.5.stable 13 and then i want to transparent and
> get authentication in each user who's connected to internet using
> their browser.

Not possible I am afraid. This is not something you can do in a proxy
using proxy authentication. You will need to implement a separate
authentication system keeping track of your users and reporting the user
name to Squid via external_acl_type..

> And then i found squid2.6 stable which support
> auth-on-accell.

Yes, but it's litterally what it says. Authentication in accelerator
mode infront of YOUR web servers under your administrative control, not
when transparently intercepting traffic to other web servers.

Proxy authentication requires the browser to be configured to use the
proxy.

Authentication in accelerator mode is web server authentication, unique
to each web server and for that web server only.

> my problem is howto make transparent proxy in squid
> 2.6stable ?.

Similar to 2.5, except that you use the word transparent in the
http_port line instead of the "httpd_accel_host virtual" thing one used
in 2.5..

But unfortunately a small bug crept in into 2.6.STABLE1 in the
transparent interception mode. See bug #1650.

> http_port ip-proxy:3128 transparent vhost vport=80 defaultsite=virtual
> protocol=http
> cache_peer ip-sibling sibling 8080 3130 no-query originserver

This is a typical reverse proxy setup, not transparent proxy..

A transparent proxy setup looks more like

http_port ip-proxy:3128 transparent

and due to bug #1650 you will also need the following until a patch is
available if you don't have any parent proxies the request should be
forwarded to:

always_direct allow all

patch will be available shortly.

Regards
Henrik

Received on Mon Jul 03 2006 - 15:21:06 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:01 MDT