That is devious ! cunning ! excellent ! I'd never have figured it out
myself. Many thanks to Mr. Nordstrom.
It took a bit to figure it out and get it working, but it seems to be
exactly what I wanted.
For those who'd like to know how I did it :
[startup scripts, linux 2.2]
ipchains -A input -j REDIRECT 3128 -p tcp -s 192.168.1.0/24 -d 0.0.0.0/0 80
ipchains -A input -j REDIRECT 3128 -p tcp -s 192.168.2.0/24 -d 0.0.0.0/0 80
[squid.conf]
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
acl p_transparent myport 80 3128
acl p_proxy myport 3129
acl p_auth proxy_auth REQUIRED
redirector_access allow p_transparent
redirector_access deny p_proxy
http_access allow localhost p_transparent
http_access allow localnet p_transparent
http_access allow localnet p_proxy p_auth
>
> > Is it possible, to keep transparent proxying active, without necessary
> > logins, but with the squid_redirect redirector active, and also have a
> > non-transparent proxy port open, which requires authentication, and offers
> > unfiltered access ? The authorised users would temporarily configure their
> > browser to access the traditional proxy.
>
> Sure. See the following directives in squid.conf:
>
> http_port
> acl .. myport ...
> acl .. proxy_auth ...
> http_access
> redirector_access
>
> Hint: Use the myport ACL to detect which port Squid received the request
> on.
>
> --
> Henrik Nordstrom
> Squid hacker
>
Received on Tue Apr 03 2001 - 22:33:07 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:08 MST