Thank for your input, now I see why authentication can't work with
transparent proxy.
But now, what's the best method to prevent my users from getting around the
proxy and having authentication ?
I mean by not installing anything on the desktop, only router and proxy
configuration. Am I asking to much ?
Thank,
Louis-Steve Desjardins
Les Centres jeunesse de Montréal
Colin Campbell
<sgcccdc@citec.q Pour : <cjmsquid@mtl.centresjeunesse.qc.ca>
ld.gov.au> cc : <squid-users@squid-cache.org>
Objet : Re: [squid-users] transparent proxy
2001-06-05 19:28 and ldap_auth
Hi,
On Tue, 5 Jun 2001 cjmsquid@mtl.centresjeunesse.qc.ca wrote:
> We are using Squid 2.3.STABLE3-ldap_auth (with the patch from
> http://www.fatgut.org/squid/group_ldap_auth).
>
> In the squid.conf it give us this warning :
>
> " WARNING: ldap_auth can't be used in a transparent proxy.
> It collides with any authentication done by origin servers.
> It may seem like it works at first, but it doesn't. "
>
> I would like to have I bit more on why it does not work.
No authentication method can work with a transparent proxy. How can the
browser send a "proxy-authentication" field in the HTTP headers when, as
far as it knows, there's no proxy in use? Think about it. It's not squid
that would need fixing. You'd need to fix the browser so that when it got
a "407(?) proxy authentication required" it would request a password and
forward that to the non-existant proxy in the HTTP headers of the request.
Colin
Received on Thu Jun 07 2001 - 09:41:36 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:32 MST