[squid-users] Réf. : Re: [squid-users] Réf. : Re: [squid-users] transparent proxy and ldap_auth

From: <cjmsquid@dont-contact.us>
Date: Thu, 7 Jun 2001 17:00:21 -0400

I tought about that but what about all the other ports ?

Could I have a mix of Transparent proxy and Browser config. I mean would it
work if I configure my router for transparent proxy and configure my users
browser for access to work. This mean that squid would block those who take
off the proxy config.

So could this be an option ?

Thank,

Louis-Steve Desjardins

                                                                                          
                    Joe Cooper
                    <joe@swelltec Pour : cjmsquid@mtl.centresjeunesse.qc.ca
                    h.com> cc : Colin Campbell
                                         <sgcccdc@citec.qld.gov.au>,
                    2001-06-07 squid-users@squid-cache.org
                    13:46 Objet : Re: [squid-users] Réf. : Re:
                                         [squid-users] transparent proxy and ldap_auth
                                                                                          

Close port 80 to outgoing traffic, and send out a memo to all web users
how to configure their browsers to use the proxy.

cjmsquid@mtl.centresjeunesse.qc.ca wrote:

> Thank for your input, now I see why authentication can't work with
> transparent proxy.
>
> But now, what's the best method to prevent my users from getting around
the
> proxy and having authentication ?
>
> I mean by not installing anything on the desktop, only router and proxy
> configuration. Am I asking to much ?
>
> Thank,
>
> Louis-Steve Desjardins
> Les Centres jeunesse de Montréal
>
>
>
>

> Colin Campbell

> <sgcccdc@citec.q Pour :
<cjmsquid@mtl.centresjeunesse.qc.ca>
> ld.gov.au> cc :
<squid-users@squid-cache.org>
> Objet : Re:
[squid-users] transparent proxy
> 2001-06-05 19:28 and ldap_auth

>

>

>
>
>
> Hi,
>
> On Tue, 5 Jun 2001 cjmsquid@mtl.centresjeunesse.qc.ca wrote:
>
>
>>We are using Squid 2.3.STABLE3-ldap_auth (with the patch from
>>http://www.fatgut.org/squid/group_ldap_auth).
>>
>>In the squid.conf it give us this warning :
>>
>>" WARNING: ldap_auth can't be used in a transparent proxy.
>>It collides with any authentication done by origin servers.
>>It may seem like it works at first, but it doesn't. "
>>
>>I would like to have I bit more on why it does not work.
>>
>
> No authentication method can work with a transparent proxy. How can the
> browser send a "proxy-authentication" field in the HTTP headers when, as
> far as it knows, there's no proxy in use? Think about it. It's not squid
> that would need fixing. You'd need to fix the browser so that when it got
> a "407(?) proxy authentication required" it would request a password and
> forward that to the non-existant proxy in the HTTP headers of the
request.
>
> Colin

                                   --
                      Joe Cooper <joe@swelltech.com>
                  Affordable Web Caching Proxy Appliances
                         http://www.swelltech.com
Received on Thu Jun 07 2001 - 15:03:28 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:33 MST