Re: Inquiry of Transparent Proxying

From: Richard Stagg <>
Date: Tue, 20 Apr 1999 08:35:27 +0100 (BST)

Hmmm... I'm working on a mish-mash of code which does this, for NT
authentication using Samba. The basic premise is:
        * All objects pass through a redirector which checks that
          the client IP is in a "permitted" list.
        * If not in the list, the request is redirected to a
          "login" page served from an SSL-compliant Apache box
        * Details from that page are sent to a CGI which queries
          an NT PDC using Samba and validates the username/password
        * If correct, the list of "permitted" IP addresses is updated
          with the new client address and hence the next time the
          client requests an object they do not get redirected
          anywhere; they get the object they asked for.

Add to this assorted "Wrong username" pages and inactivity timeouts and
you have an untidy but thorough auth system that will work with
transparent proxying.

If there is interest in this, then I will happily release it once it is


Richard Stagg

On Tue, 20 Apr 1999, Dancer wrote:

> Gene Black wrote:
> >
> > I keep hearing this bit about not being able to authenticate doing
> > Transparent Proxying... Naturally the normal proxy authentication won't
> > work, but... it doesn't take much thought to realize that there's no
> > reason the proxy server can't do it's own little authentication deal and
> > simply redirect the first (or any needed subsequent requests) to it's
> > own private HTML login that it requires before passing the request
> > through unmolested... Does anyone know of a product that does this yet?
> Not to my knowledge.
> > Is there any work being done to add it to Squid?
> Again, the same. Care to volunteer?
> D

Richard Stagg
Internet Architect
Received on Tue Apr 20 1999 - 02:45:01 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:52 MST