Robert Collins wrote:
> Sorry - I missed a bit.
>
> WWW authentication collides with "proxy" authentication when transparent
> mode is running. What I meant was if the proxy has proxy_auth acls
> configured for a given request and the reply comes back with an
> Authentication header, then strip it or send a warning page.
Squid should not accept looking for proxy_auth on "accelerated" requests
unless authentication for accelerated requests has been explicitly
enabled. If not enabled then any proxy_auth acl MUST return FALSE, and a
warning sent to cache.log.
> Basically fail gracefully when transparent mode and auth acls are
> combined instead of the current "seem to work until you hit an
> authenticated site".
This is something you changed in auth_rewrite. Before auth_rewrite squid
had to be recompiled with a hidden define to at all look for WWW
authentication because of this collision.
Proposal: Add a squid.conf directive for enabling WWW Authentication in
accelerators. Default to "off", and have a big fat warning that this
MUST NOT be enabled in transparent proxies.
/ Henrik
Received on Fri Apr 13 2001 - 02:19:21 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:45 MST