Re: [squid-users] Getting SARG to show usernames instead of IP

From: Jose Ildefonso Camargo Tolosa <ildefonso.camargo_at_gmail.com>
Date: Thu, 21 Jul 2011 11:46:38 -0430

Hi!

On Wed, Jul 20, 2011 at 12:08 PM, chinner999 <chinner999_at_gmail.com> wrote:
> Right from the squid.conf file
>
>  WARNING: authentication can't be used in a transparently intercepting
> #       proxy as the client then thinks it is talking to an origin server and
> #       not the proxy. This is a limitation of bending the TCP/IP protocol to
> #       transparently intercepting port 80, not a limitation in Squid.
> #       Ports flagged 'transparent', 'intercept', or 'tproxy' have
> #       authentication disabled.
>
> Guess I can't use authentication with a transparent setup.  Will have to investigate intercept proxy.  I'm trying to use Cisco WCCP via our Cisco 5505's so if I go intercept proxy and the Squid server goes offline, Internet traffic can still go through.

No, you can't authenticate in transparent. However, if you send proxy
configuration through AD policy (so that you don't need to go to every
workstation to configure it), you could configure squid to use AD for
auth purposes - maybe... kerberos auth.

Also, there is WPAD that you can use to "automatically detect" proxy.

All of this will have the advantage of allowing you to do access
control based on users and groups.

Sincerely,

Ildefonso Camargo
Received on Thu Jul 21 2011 - 16:16:45 MDT

This archive was generated by hypermail 2.2.0 : Thu Jul 21 2011 - 12:00:07 MDT