Re: [squid-users] DSL ISP will require authentication: can squid provide login/passw??

From: Robert Collins <[email protected]>
Date: 23 Oct 2002 11:43:29 +1000

On Wed, 2002-10-23 at 07:23, Depto Suporte wrote:
>
> Hi,
>
> My DSL provider will soon require login and password for web navigation. I
> think they will implement transparent proxying (ports 80, 443) with
> authentication. It seems that it has something to do with fighting cable
> piracy.

*cough* big brother *cough*. BTW: 443 interception will result in
security warnings from all your browsers on *all* sites. port 80
interception cannot use standard authentication as it will collide with
the normal authentication headers - the normal approach for such
environments is a redirect + auth + redirect approach.

> The problem is: I have a linux gateway which is a proxy for a dozen internal
> users, and is connected to that DSL provider. Those users already provide
> login/password for proxy authentication at the linux gateway level. So far
> it has been working perfectly.
>
> Now there is this new ISP authentication: I don't know what is going to
> happen. Maybe will the users be prompted twice when they open their
> browsers? But then, I would need to provide the ISP login/password to ALL
> users in the LAN (in addition to the local squid login/passwords they
> already use every day).

Nope, you just need to configure the upstream cache as a parent, with a
login password. Get the upstream cache dns (it can be round robin) name
from your ISP. If they won't give it to you, take em to court for
violation of privacy on the intercepted requests.

Rob

Received on Tue Oct 22 2002 - 19:43:35 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:46 MST