Re: NTLM and proxying

From: Robert Collins <robert.collins@dont-contact.us>
Date: Fri, 13 Apr 2001 17:48:41 +1000

----- Original Message -----
From: "Henrik Nordstrom" <hno@hem.passagen.se>
To: "Robert Collins" <robert.collins@itdomain.com.au>
Cc: <squid-dev@squid-cache.org>
Sent: Friday, April 13, 2001 4:47 PM
Subject: Re: NTLM and proxying

> Robert Collins wrote:
> >
> > On a similar as we know authentication collides with transparent
mode
> > should we strip all authentication when running in transparent mode?
Or
> > send a explanation page?
>
> What?
>
> Squid SHOULD NOT intercept the WWW authentication when running
> transparent. It should be proxied. WWW authentication must be
explicitly
> enabled if wanted. Squid should only listen for Proxy authentication.
>
> NTLM WWW authentication still needs to be removed as it is still a
> proxy.
>

Sorry - I missed a bit.

WWW authentication collides with "proxy" authentication when transparent
mode is running. What I meant was if the proxy has proxy_auth acls
configured for a given request and the reply comes back with an
Authentication header, then strip it or send a warning page.

Alternatively, send a warning page on _every_ request if proxy_auth acls
are configured and the proxy is in transparent mode.

Basically fail gracefully when transparent mode and auth acls are
combined instead of the current "seem to work until you hit an
authenticated site".

Rob
Received on Fri Apr 13 2001 - 01:49:04 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:45 MST