Re: [squid-users] Can i bypass authentication for an application running on a pc

From: Henrik Nordstrom <[email protected]>
Date: Fri, 7 Nov 2003 08:48:44 +0100 (CET)

On Fri, 7 Nov 2003, Matthew Richards wrote:

> Can anyone please tell me if it is possible to have a user challenged to authenticate by squid but
> have an application on the same computer access the Internet without being challenged?

Yes.

If your application sends a identifiable User-Agent then this can be used
to allow any application identifying itself as this User-Agent access
without authentication by using the browser acl type.

Please note however that this can be abused by your users to bypass the
authentication by reconfiguring their browser to identify itself as
this User-Agent.. there is no means whereby the proxy can securely verify
that the indicated User-Agent string is really your application and not
something else claiming to be your application.

But assuming your application only visits a handful of sites you can set
up access controls to only allow this User-Agent to bypass authentication
for these sites, or even all access to these sites if the User-Agent is
not identifiable.

Regards
Henrik
Received on Fri Nov 07 2003 - 00:49:47 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:10 MST