[squid-users] Re: [Bridge] bridge and transparent proxy...

Why you must have the browser configured to use a proxy in order to
use proxy authentication?

Simply by the fact that when the browser isn't configured to use a
proxy there isn't supposed to be a proxy there.

By security reasons HTTP requires the browser to know which proxy it
is providing the user credentials to. When you run a "transparent
proxy" your intercept the browsers traffic without the browser
knowing. As far as the browser knows it is talking to the origin
server with no proxy inbetween.

As the browser doesn't know it is talking to a proxy, or which proxy,
it is not allowed to send any proxy user credentials even if
requested but the server. Is the same as if you have HTTP servers on
the internet asking for the users proxy password. Why should your
browser send your proxy login information to random web servers on
the Internet which as far as your browser knows has nothing to do
with your proxy?

Regards
Henrik

On Monday 20 May 2002 18:44, Grimes, Shawn (NIA/IRP) wrote:
> is there any particular reason for this? By the way, nice paper on
> building the transparent proxy.
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@marasystems.com]
> Sent: Monday, May 20, 2002 11:08 AM
> To: Grimes, Shawn (NIA/IRP); bridge@math.leidenuniv.nl
> Subject: Re: [Bridge] bridge and transparent proxy...
>
>
> With the bridge-netfilter integration
> (http://bridge.sourceforge.net/) you can run transparent proxies on
> bridges just fine. We even made a cache & firewall product
> prototype doing this some year ago..
>
> However, you cannot combine HTTP Proxy authentication with
> transparent proxying. To use HTTP Proxy authentication the browser
> MUST be configured to use a proxy.
>
> Regards
> Henrik Nordström
> alias hno@squid-cache.org
Received on Mon May 20 2002 - 16:04:42 MDT