On 23/02/2013 8:48 a.m., Roman Gelfand wrote:
> Please, consider the network topology below. I could always configure
> outgoing http traffic on the firewall to authenticate with firewall
> user. How is this different from having squid authenticate in
> transparent mode?
That is a good question. *How* is the firewall getting the clients to
add Proxy-Authenticate headers to their traffic when they are not
talking to a proxy?
You either have clients who are so broken they transmit the users
credentials to any attacker who wants to request them
Or you are not doing HTTP authentication on the firewall.
I think your firewall is not doing HTTP authentication. Perhapse it is
doing RADIUS, with IP-based or MAC-based authorization.
Amos
Received on Sat Feb 23 2013 - 01:40:36 MST
This archive was generated by hypermail 2.2.0 : Sun Feb 24 2013 - 12:00:05 MST