Re: [squid-users] username and password in TRANSPARENT mode

From: Adrian Chadd <[email protected]>
Date: Mon, 6 Aug 2007 18:50:44 +0800

On Mon, Aug 06, 2007, Neil A. Hillard wrote:

> The browser knows it is talking to the origin server so will support
> basic auth. If you stick an intercepting proxy in the way and then use
> basic auth then how do you authenticate to the origin server?
>
> You have to have two headers and then tell the browser to use the proxy
> (and therefore the proxy auth header).

yes, but the browser doesn't "know" that it has to authenticate to
an intermediate until its asked via a 407. The specification doesn't
cover transparently intercepted connections in this instance.
(or did it via a "proxy required" status? Henrik knows the HTTP
nuances better than I.)

In any case, the specification wasn't clear, UA's don't handle
Proxy-Authentication required right when they don't have an explicit
proxy set, and thus you can't pull off that potentially useful
(and potentially security hazardous!) trick.

Adrian
Received on Mon Aug 06 2007 - 04:50:19 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:03 MDT