RE: [squid-users] Solutions for transparent + proxy_auth?

From: Chris Robertson <crobertson@dont-contact.us>
Date: Tue, 21 Feb 2006 10:25:06 -0900

> -----Original Message-----
> From: Steve Brown [mailto:sbrown25@gmail.com]
> Sent: Tuesday, February 21, 2006 7:51 AM
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] Solutions for transparent + proxy_auth?
>
>
> > How is there "authentication" without credentials? I have
> > misunderstood
> > your setup. What are you referring to when you say
> > "authentication" because
> > the knee-jerk reaction is to assume a username and password is
> > authenticating...
>
> Yes there is a user/pass. Everyone is saying that the broswer
> shouldn't indiscriminately provide crednetials, which I agree with.
> However, in the setup I am proposing, the browser isn't submitting
> credentials. The traffic is intercepted by a local proxy, which does
> *not* have authentication and only responds to localhost traffic. The
> local proxy then queries the parent cache with the u/p provided by the
> login parameter in the cache_peer config option. So the
> authentication is there, it just doesn't require any user interaction.
>

So the plan is to run a Squid server (service?) on every computer that is going to access the internet?

While that should certainly work, I wouldn't want to be the one responsible for the maintenance thereof. Every computer's squid.conf is going to need to be hand edited to supply different credentials, and somehow locked down so those credentials can't be changed. Every computer is going to need to perform interception of its own traffic. Additionally, you have all the caveats of interception proxies.

Perhaps if we knew more about the setup and requirements, alternative solutions could be proffered.

Chris
Received on Tue Feb 21 2006 - 12:25:13 MST

This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:03 MST