Re: [squid-users] Solutions for transparent + proxy_auth?

From: Mark Elsen <[email protected]>
Date: Mon, 20 Feb 2006 23:03:50 +0100

> I've got a bunch of machines at various locations on various ISPs for
> which I need to filter web sites. I've set up Squid w/ authentication
> as a proxy for these machines and put ACLs in place that allow me to
> whitelist certain sites.
>
> The problem I am having is that the users of these machines are about
> two steps ahead of sea turtles on the intelligence scale and get
> confused when asked to enter a user/pass when opening Firefox. They
> *do* have a user/pass for their email, so you can see how they would
> get confused having to remember *TWO* _different_ passwords. *roll
> eyes*
>
> At any rate, I started investigating the transparent proxy option for
> two main reasons :

Drop it :

http://squidwiki.kinkie.it/SquidFaq/InterceptionProxy?highlight=%28intercept%29#head-1cf13b27d5a6f8c523a4582d38a8cfaaacafb896

>1) they don't have to enter a user/pass, and 2) they
> can't get around the proxy settings by changing browsers, etc. I
> found the FAQ that says you can't use transparent proxying w/
> proxy_auth, so I started reading over the lists. These macines are at
> various locations on various ISPs, so I cannot use any speical
> messages in DHCP or anything like that as has been suggested
> previously. I eventually came across the login parameter to the
> cache_peer config option and that got me thinking...
>
> Could I setup squid on each of the remote boxes as a transparent
> cache, but configure the cache such that all requests are forwarded to
> the parent cache that uses authentication?
>...

Try to *think* what you are saying, how in any sense would that global
parent have any carry-thru info, about who was in front of the
intercepting SQUID ?

M.
Received on Mon Feb 20 2006 - 15:03:52 MST

This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:03 MST