Re: [squid-users] Réf. : Re: [squid-users] transparent proxy and ldap_auth

From: Joe Cooper <joe@dont-contact.us>
Date: Thu, 07 Jun 2001 12:46:42 -0500

Close port 80 to outgoing traffic, and send out a memo to all web users
how to configure their browsers to use the proxy.

cjmsquid@mtl.centresjeunesse.qc.ca wrote:

> Thank for your input, now I see why authentication can't work with
> transparent proxy.
>
> But now, what's the best method to prevent my users from getting around the
> proxy and having authentication ?
>
> I mean by not installing anything on the desktop, only router and proxy
> configuration. Am I asking to much ?
>
> Thank,
>
> Louis-Steve Desjardins
> Les Centres jeunesse de Montréal
>
>
>
>
> Colin Campbell
> <sgcccdc@citec.q Pour : <cjmsquid@mtl.centresjeunesse.qc.ca>
> ld.gov.au> cc : <squid-users@squid-cache.org>
> Objet : Re: [squid-users] transparent proxy
> 2001-06-05 19:28 and ldap_auth
>
>
>
>
>
> Hi,
>
> On Tue, 5 Jun 2001 cjmsquid@mtl.centresjeunesse.qc.ca wrote:
>
>
>>We are using Squid 2.3.STABLE3-ldap_auth (with the patch from
>>http://www.fatgut.org/squid/group_ldap_auth).
>>
>>In the squid.conf it give us this warning :
>>
>>" WARNING: ldap_auth can't be used in a transparent proxy.
>>It collides with any authentication done by origin servers.
>>It may seem like it works at first, but it doesn't. "
>>
>>I would like to have I bit more on why it does not work.
>>
>
> No authentication method can work with a transparent proxy. How can the
> browser send a "proxy-authentication" field in the HTTP headers when, as
> far as it knows, there's no proxy in use? Think about it. It's not squid
> that would need fixing. You'd need to fix the browser so that when it got
> a "407(?) proxy authentication required" it would request a password and
> forward that to the non-existant proxy in the HTTP headers of the request.
>
> Colin

                                   --
                      Joe Cooper <joe@swelltech.com>
                  Affordable Web Caching Proxy Appliances
                         http://www.swelltech.com
Received on Thu Jun 07 2001 - 13:55:19 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:33 MST