Fw: [SQU] IBM Host On Demand

From: Robert Collins <robert.collins@dont-contact.us>
Date: Thu, 15 Feb 2001 09:46:33 +1100

----- Original Message -----
From: "Robert Collins" <robert.collins@itdomain.com.au>
To: "Adam Lang" <aalang@rutgersinsurance.com>; <squid-dev@ircache.net>
Sent: Thursday, February 15, 2001 9:42 AM
Subject: Re: [SQU] IBM Host On Demand

Re: [SQU] IBM Host On DemandBecause intercepting proxies don't break web site authentication, they break proxy authentication. Thus
my comment that 'you cannot

authenticate _your users'.

http://squid-docs.sourceforge.net/latest/html/c2624.htm#AEN2636 has another perspective on the problems associated with transparent

proxies.

Henrik, do you have that link to known HTTP spec problems - I think they had a good description of the issues on this?

Rob

----- Original Message -----
From: "Adam Lang" <aalang@rutgersinsurance.com>
To: <squid-users@ircache.net>
Cc: <squid-users@ircache.net>
Sent: Thursday, February 15, 2001 8:51 AM
Subject: Re: [SQU] IBM Host On Demand

> Ah, gotcha... but why would anyone use transparent proxying? If there is
> ever the off chance the user needs to go to a website to authenticate, they
> are technically "broken".
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> http://www.rutgersinsurance.com
> ----- Original Message -----
> From: "Colin Campbell" <sgcccdc@citec.qld.gov.au>
> To: "Adam Lang" <aalang@rutgersinsurance.com>
> Cc: <squid-users@ircache.net>
> Sent: Wednesday, February 14, 2001 4:41 PM
> Subject: Re: [SQU] IBM Host On Demand
>
>
> > Hi,
> >
> > On Wed, 14 Feb 2001, Adam Lang wrote:
> >
> > > Finally, can you explain to me why transparent proxies break the HTTP
> > > authentication?
> >
> > They don't break HTTP authentication. They break proxy authentication.
> > There are two authentication fields available in the HTTP header sent from
> > the browser. One is for the destination web server, the other for proxy
> > authentication. If the browser does not believe there is a proxy present,
> > as is the case with transparent proxies, it will not react to a request
> > for proxy auth and not send a proxy-auth field in the header.
> >
> > Colin
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Wed Feb 14 2001 - 15:48:22 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:01 MST