Re: [squid-users] maybe I can use proxy_auth with interception if ....

From: Lucas Brasilino <[email protected]>
Date: Fri, 28 Feb 2003 11:33:43 -0300

Hi Henrik:

> Would not call it useful in a proxy. It is useful in accelerators but
> there the functionality is already available in Squid (a hidden
> define needs to be set in Squid-2.5 and earlier.. only to make it
> harder to find to make sure people who run transparent proxies do not
> think this is good for a transparent proxy, as it is not)

        I gonna check it out. I swear not make it public :-)

> This will as you say make the browser think it is the web site who
> requires authentication. This has a number of implications:
>
> a) As you are now using the authentication protocol meant to be user
> by web sites, no web sites will be able to use authentication via
> your proxy.

        

        That's true.

  
> b) The browser will request again for the password on each new web
> site requested.

        
        I didn't realise this issue since squid shouldn't send "401 Unauthorized"
to browser for each new web site, only in the first
access attempt.

 
> c) Your users proxy login+password will most likely leak out in plain
> text on the Internet unless you take special action to prevent this
> by making sure the Authorization header is not forwarded.

        Don't think this is a problem. As you said, it's just not

forward the Authorization header.

bests regards

-- 
[]'s
Lucas Brasilino
brasilino@recife.pe.gov.br
http://www.recife.pe.gov.br
Emprel -	Empresa Municipal de Informatica (pt_BR)
		Municipal Computing Enterprise (en_US)
Recife - Pernambuco - Brasil
Fone: +55-81-34167078
Received on Fri Feb 28 2003 - 07:34:10 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:45 MST