Re: [squid-users] authenticate request every page problem

From: otrcomm <otrcomm@dont-contact.us>
Date: Sat, 18 Nov 2006 14:30:26 -0700

Hello Henrik,

Thanks for the reply!

>> i am running squid.2.4.STABLE3 and can not figure out how to set it up
>> for accelerator mode and authentication and a redirector.

>First of all I would recommend you to upgrade to 2.6.STABLE5. There is
>absolutely no good reasons to run Squid-2.4 today, especially not if you
>are allowed to rebuild Squid from source.

Will do!

>> the problem is that squid sends me to the authentication program for
> >every page that i go to even though i tell the browser (both IE
> >6 and Firefox 1.5.0.7 ) to remember the password. once i have been to
> >a page, it seems to remember the username for the session and
> >i can come back to that page, but every new page triggers the
> >authentication request from squid.

>Sounds to me like your setup is a transparently intercepting Internet
>proxy, not accelerator mode where you accelerate your own web servers.
>You can't use authentication in transparent interception as the browser
>must be aware it's using a proxy to do proxy authentication.

>What you have done now by enabling the combination of transparent
>interception + authentication is that you have stole the web server
>authentication channel, which is both unique to each web server and
>meant for the web server not the proxy.

I think I understand!

So do you think there is a way that I can use NoCat and Squid and authentication through Squid?

I will rewrite NoCat to make it talk to Squid anyway necessary. I need to pass the username to squidGuard since I have rewritten
squidGuard to filter web sites based on switches set in mysql for specific users.

NoCat keeps up with sessions based upon ip addresses and mac addresses, but it also has the ability to request authentication.

I can setup NoCat to operate in "captive" mode where the users are required to authenticate, and I could take Squid out of
authentication mode and pass the username to Squid in the header from NoCat (after some recoding), but would that do any good?

In my
>The httpd_accel_* options has all been replaced by other options since
>2.6. See the release notes. And the hidden define you mentioned earlier
>is no longer needed as Squid now knows the difference between
>accelerator mode and transparent interception.

Regards,
Murrah Boswell
Received on Sat Nov 18 2006 - 14:30:26 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:03 MST