Ohn Pierre wrote:
> - as I do not want to go on all the machines to configure the proxy
> settings of all the web browsers (which the user can always modify
> later....), I am looking for an automatic redirection of internet
> traffic to the proxy. I think the best solution is to use WCCP in the
> backbone (I forgot to mention, our active network equipment is all
> CISCO). If I do so, will I still be able to authenticate the users with
> the proxy ? If not does anybody have a suggestion?
No. Proxy authentication requires the browser to be configured to use a
proxy. Proxy authentication makes no sense to the browsers when the
browser thinks it is talking direcly to the origin web server, and HTTP
speciciations says browsers MUST ignore any proposals for proxy
authentication in such case as it is most likely a fraud.
> - does anybody knows if it possible to replace the classical proxy
> authentication window (which can be very little customized, just the
> proxy_auth_realm parameter is not enough)?
The authentication window is controlled by the browser. The only two
parameters given for the authentication window by the proxy is
a) Hey, I require authentication
b) This is the realm for which the user should provide suitable
credentials
How this is presented to the user is 100% up to the browser.
Some browser vendors has toolkits allowing you to make customized
versions of the browser, possibly even changing this type of windows
(not certain).
What has been discussed a couple of times is to have the user refirected
to a "terms of use" page on the first request after authenticating. This
is however not something which can be done straight out of the box with
Squid and some customization will be required.
Regards
Henrik
Received on Thu Nov 21 2002 - 11:28:18 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:31 MST