Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 610 — #636
i
i
i
i
i
i
i
i
clients. For Linux, install the pidentd package for this purpose. For
Windows, there is free software available for download from the
Internet. To ensure that only clients with a successful ident lookup are
permitted, define a corresponding ACL here:
acl identhosts ident REQUIRED
http_access allow identhosts
http_access deny all
Here, too, replace REQUIRED with a list of permitted user names.
Using ident can slow down the access time quite a bit, because ident
lookups are repeated for each request.
25.3.6 Configuring a Transparent Proxy
The usual way of working with proxy servers is the following: the web
browser sends requests to a certain port in the proxy server and the proxy
provides these required objects, whether they are in its cache or not. When
working in a network, several situations may arise:
For security reasons, it is recommended that all clients use a proxy to
surf the Internet.
All clients must use a proxy, regardless of whether they are aware of
it.
The proxy in a network is moved, but the existing clients should re-
tain their old configuration.
In all these cases, a transparent proxy may be used. The principle is very
easy: the proxy intercepts and answers the requests of the web browser,
so the web browser receives the requested pages without knowing from
where they are coming. As the name indicates, the entire process is done
transparently.
Kernel Configuration
First, make sure the kernel of the proxy server supports a transparent
proxy. If not, add these options to the kernel and recompile it. For more
details, refer to Section 9 on page 233.
610 25.3. Proxy Server: Squid