RE: [squid-users] Transparent proxy to upstream authenticating proxy

From: Vosloo, Jaco <JVosloo_at_wesbank.co.za>
Date: Mon, 27 Jul 2009 13:19:43 +0200

From: Amos Jeffries
>From: Henrik Nordstrom
>>From: Vosloo, Jaco
>>> I need to configure a transparent proxy to an upstream
authenticating
>>> proxy and I believe that Squid should be able to do this. I've been
>>> searching the net for months now and would really appreciate any
advice
>>> or pointers.
>>
>> interception and authentication is mutually exclusive.
>>
>>> 2. The FAQ says authentication can not be run on a transparent
proxy,
>>> this is acceptable because I do not want to authenticate on the
>>> transparent proxy, I want the transparent proxy to let the user
>>> authenticate to the upstream proxy.
>>
>> Does not matter. What matters is that the browser isn't configured
for
>> using a proxy so it does not accept that the requested web server (as
>> far as the browser knows, it's talking to the IP of the requested web
>> server) suddenly requests proxy authentication.
>>
> He seems to be asking for a way to let Squid ignore the Proxy-Auth
>headers and simply not strip any that go through if the BC does ask for

>it. Semantic transparency et al.

Thanks for the replies. Amos is correct, I'm trying to use squid as a
truly transparent proxy, it should not add anything or take anything
away except when the object is cacheable.

The browser is configured to use the upstream proxy. I want the
transparent proxy to be a MITM between the browser and the upstream
proxy and cache whatever can be cached. This is why I am wondering if a
reverse proxy in front of the upstream proxy might provide the solution?

I have full control over the browsers as well as the internal DNS so I
can change the DNS to point to whatever proxy I want.

Current setup:
Browser --Auth--> Proxy1 --> Web server

New setup:
Browser --Tunnel Auth--> ProxyMITM --Tunnel Auth--> Proxy1 --> Web
Server

Regards
Jaco Vosloo
To read WesBank's Disclaimer for this email click on the following address or copy into your Internet browser:
https://www.wesbank.co.za/WesBankCoZa/about/legal/emaildisclaimer.jspx

If you are unable to access the Disclaimer, send a blank e-mail to
emaildisclaimer_at_wesbank.co.za and we will send you a copy of the Disclaimer.
Received on Mon Jul 27 2009 - 11:21:08 MDT

This archive was generated by hypermail 2.2.0 : Mon Jul 27 2009 - 12:00:05 MDT