Henrik Nordstrom writes:
>+ - Changed proxy_auth to work when in accelerator mode. proxy_auth
>+ probably should be renamed to auth and not proxy_auth. (Henrik
>+ Nordstrom)
>+ - added login=user:password option to cache_peer directive to be
>+ used when your parent requires proxy authentication and you
>+ don't want your users to be required to authenticate manually.
>+ (Henrik Nordstrom)
>+ - If you want to "auto-login" on certain servers, then use a
>+ redirector that rewrites the URL to the form
>+ http://username:password@server/.... and configure your Squid
>+ to go direct to that server. Squid now picks this up when
>+ going direct, and turns it into basic WWW authentication.
>+ (Henrik Nordstrom)
I guess I'm going to go into jerkbutt mode for a bit here.
I don't really like any of these changes.
Regarding the first, I don't like it that Squid is becoming more and
more like an origin server. Squid should be a proxy and people should
use Apache for an origin server. Just like I think Apache makes a bad
proxy, I think Squid makes a bad origin server (accelerator,
whatever). Will it never stop?
Regarding the second, this seems overly complicated. Why doesn't the
peer just always allow requests from this cache's IP address? We can
already fix this with existing access controls instead of adding more
configuration options.
Auto-login to a server? Is this needed? Seems to me that
authentication is an END-TO-END characteristic of HTTP. Having proxies
insert authentication in the middle breaks that.
Now, where's my asbestos suit....?
Duane W.
Received on Tue Jul 29 2003 - 13:15:54 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:11:57 MST