Re: [squid-users] Proxy_Auth Question

Hi,

On Thu, 31 Jan 2002, Miguel de la Borda wrote:

> Hi all,
> excuse me, my question is : Proxy_Auth is possible with transparent proxy????

No it can't. HTTP supports two authentication fields in the headers.
There's the "normal" auth field used to authenticate to web servers and
then there's the proxy authentication field. That allows the browser to
pass separate/differnet username/password combinations for the proxy and
destination server. Now, if the brwoser doesn't use a proxy (or doesn't
know that a proxy is being used, as is the case of transprent proxies)
then there is no reason for the browser to

a) accept a request from a proxy for authentication - if it isn't using a
proxy, why should a proxy be requesting authentication?

b) fill in the proxy-auth HTTP header

Just to fill in the blanks, when a browser makes it's first connection to
a web server that requires authentication, the web server sends a response
to the request with an HTTP status code of 401 (Unauthorized). When the
browser sees this it puts up the password dialogue box and the user
provides a name and password. When the user hits the right button, the
browser resubmits the original request but includes the HTTP
authentication header (contains username and password) this time. From
then on, any request to the matching realm sent by the browser includes
the authentication information.

When a browser connects to a proxy and the proxy requires authentication,
the proxy responds with the HTTP status code 407 (Proxy authentication
required). The browser sees this and throws up the dialogue box for the
username and password to be used for the proxy. The original request is
then resubmitted to the proxy but this time it contains the HTTP proxy
authentication header. All requests via the proxy will include the proxy
authentication header.

If the browser is not configured to use a proxy, it should rightly ignore
any 407 responses.

Colin
Received on Thu Jan 31 2002 - 16:32:22 MST