Re: [squid-users] http_accel mode authentication ?? from Account For Cache Group on 2001-09-18 (squid-users)

From: Account For Cache Group <cachemail@dont-contact.us>
Date: Wed, 19 Sep 2001 09:55:37 +0430 (IRST)

You can intercept 3128 port instead of 80; your client yet should set a
proxy but not necessay to your proxy. by this approach you can
authenticate them.

even if squid ask for authentication headers, your browser will not show
you the authentication message when you have not set proxy in it.

On Wed, 19 Sep 2001 vwake_s@sify.com wrote:

> Hi,
> I need a clarification. I am trying to implement proxy authenticationwith squid v2.4 stable for internet access in our office. The users will have access to a set of pre determined sites only. For access to any other host users will have to authenticate.
>
> For authentication I am using the Novell NDS with squid LDAP auth module. This is working fine. The entire setup is fine as long as I configure my browser with my proxy details. But I have 500+ users and trying to manually change the browser setting will be killing. The only
> option ( i guess ?) is to intercept and proxy, I use a layer 4 switch to Intercept and redirect port 80 request to the squid. Now my ride becomes bumpy. When I redirect port 80 requests using layer 4 switch my proxy is not authenticating and reports the authentication is not valid. For intercept proxying I have turned on http_accel option in squid. This is where I hit the wall. If I turn on http_accel proxy does not authenticate, If I dont turn it on I cant intercept port 80 requests. Kind of Catch 22 situation.
>
> I also tried putting squid box as the default router of the network and used iptables to redirect the port 80 traffic to the squid port. In this case also proxy authentication
> fails.
>
> My problem seems to be squid not authenticating when in httpd_accel mode. For both iptables as well as layer 4 switch I need to enable http_accel option so that squid can do transparent proxying (is there any other way ??).
> When I enable this squid does not support proxy authentication.
>
> Has anybody come across a similar setup and is there any way out ?? or is there something I did not consider ?? And is there any other way of doing it ?
>
> Thanks in advance ..
>
> Vivek
>
> -------------------------------------------------
> This mail sent through : http://mail.sify.com
>
Received on Tue Sep 18 2001 - 23:27:14 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:16 MST