Re: automatic submission of logon/password

I would like to point out that this is actually an illegal URL as defined by
the relevant RFC (I'll look up the number if you really care to know).

It appears that squid does the "right" thing, and composes a proper HTTP
request from this illegal URL, and issues that to the origin web server. 
But HTTP URLs cannot contain a username or password.  That's explicit in the
RFC.

So do not expect this kind of URL to work universally.  IE and Netscape also
convert this illegal URL into a proper HTTP request, with auth-info in the
request headers.  But if you try to pass such a URL directly to a web
server, or some other proxy, you will not get anywhere.  FWTK http-gw and
Gauntlet http-gw, for example, try to interpret the username as a hostname,
and you will usually get a "host unknown" error.  But this behavior is 100%
correct.  There's no requirement to munge illegal URLs into proper
requests.  That squid does it is a nice thing, but it doesn't mean you
should expect this to work always.

-----Original Message-----
From: Henrik Nordstrom <hno@hem.passagen.se>
To: Josh Kuperman <sar_kuper@sals.edu>
Cc: squid-users@ircache.net <squid-users@ircache.net>
Date: Wednesday, May 26, 1999 1:44 PM
Subject: Re: automatic submission of logon/password

>Josh Kuperman wrote:
>>
>> Is there I way through redirecting or some other method where I could
have
>> squid autmatically submit the logon and password when someone goes to
>> particular site that requests one.
>
>Yes. Rewrite them to
>http://user:password@site/path/
>using a redirector.
>
>--
>Henrik Nordstrom
>Spare time Squid hacker
>
Received on Wed May 26 1999 - 17:09:38 MDT