Re: [squid-users] username and password in TRANSPARENT mode

From: Neil A. Hillard <neil.hillard@dont-contact.us>
Date: Mon, 06 Aug 2007 11:42:21 +0100

Adrian,

Adrian Chadd wrote:
> On Mon, Aug 06, 2007, Neil A. Hillard wrote:
>
>> I can't see how it's a shortcoming of the protocol. If the browser
>> isn't aware that there is a proxy then why would it (why should it) try
>> to authenticate to one? Tell it that a proxy exists and it's more than
>> happy to authenticate.
>>
>> Interception is less than ideal.
>
> Look at how a browser talks directly to an origin server when presenting
> (HTTP Basic) authentication credentials, and what a proxy ends up doing
> with those.

The browser knows it is talking to the origin server so will support
basic auth. If you stick an intercepting proxy in the way and then use
basic auth then how do you authenticate to the origin server?

You have to have two headers and then tell the browser to use the proxy
(and therefore the proxy auth header).

                                Neil.

-- 
Neil Hillard                    neil.hillard@agustawestland.com
AgustaWestland                  http://www.whl.co.uk/
Disclaimer: This message does not necessarily reflect the
            views of Westland Helicopters Ltd.
Received on Mon Aug 06 2007 - 04:42:29 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:03 MDT