This is a discussion on Re: [squid-users] Squid binary for Windows with auth in - squid ; Hi Henrik, At 18.26 16/04/2004, Henrik Nordstrom wrote: >On Fri, 16 Apr 2004, Serassio Guido wrote: > > > Henrik: > > I have forgotten this detail ...., thanks for remember me it. > > > > But I have ...
At 18.26 16/04/2004, Henrik Nordstrom wrote:
>On Fri, 16 Apr 2004, Serassio Guido wrote:
> > Henrik:
> > I have forgotten this detail ...., thanks for remember me it.
> > But I have a question for you: why don't make this a squid.conf option
> > "httpd_accel_authentication on|off" valid only when Squid runs as an httpd
> > accelerator ?
>The problem is already solved in Squid-3.0 with the split of acceleration
>and interception, completely eleminating the need for this define.
>Squid-2.5 is in bug maintenance mode since long back so there should be no
>new features unless security related or otherwise critical. And by
>experience making this option visible people will abuse it in interception
>mode without understanding what it does and then get badly bitten by their
>users even if we write in bold capital letters all over the place that
>this is not possible (which is why the define was added) so I prefer
>having discussion about it each time a user needs this feature of
>accelerator more authentication in Squid-2.5 or earlier.
OK, I'was thinking to 3.0, so my question is unuseful.
>In the NT build such abuse is less likely as interception with NT is very
>uncommon, so I don't mind if this option is enabled by default there
>especially not considering that compiling Open Source programs scares most
>NT admins and is somewhat more complex than in the UNIX world..
You are right: interception on NT is a feature non currently available, so
build Windows binaries with AUTH_ON_ACCELERATION defined should be safe.
Acme Consulting S.r.l.
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426 Fax. : +39.011.3293665