Re: [squid-users] is really impossible?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 30 Mar 2005 22:50:35 +0200 (CEST)

On Wed, 30 Mar 2005, Jonis Maurin Ceará wrote:

> It's really impossible to run squid as transparent proxy (NAT) +
> authentication? :(

Yes. The HTTP protocol does not allow this, for obvious security reasons.

> Anyone know any other solution?

You have to use some form of IP based authentication if you want
authentication in a transparently intercepting proxy. But see below as I
suspect you may be looking at the wrong path here due to a misunderstanding
of terminology.

> I have my intranet server... but now, I must access this server from outside
> but with some kind of password/authentication.

For this you need a reverse proxy, not transparent proxy.

A reverse proxy acts as if it was the web server, on authority by the web
server owner. This can use authentication, but only if the web server as
such does not (or if it does the same user+password must be used, and only
Basic authentication).

A transparently intercepting proxy hijacks the user's requests, acting by
spoofing as if it was the web servers (all web servers in the whole world)
on the TCP/IP level, but neither authoritatively nor physically.

Regards
Henrik
Received on Wed Mar 30 2005 - 13:50:41 MST
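
The two setups contrasted in the reply above, as an added configuration sketch that is not part of the original message. It uses the `http_port` option syntax of later Squid releases (2.6 and newer); the host name, addresses, helper path and password file are placeholders chosen for illustration.

```conf
# --- Interception: only IP-based access control is possible ---
# The browser does not know a proxy is in the path, so it will not
# answer a proxy authentication challenge. A proxy_auth ACL cannot be
# used for traffic arriving on this port.
http_port 3129 intercept
acl localnet src 192.168.0.0/24            # placeholder client network
http_access allow localnet

# --- Reverse proxy: authentication in front of the intranet server ---
# Squid answers on behalf of the site, so it can challenge the user
# the same way the web server itself would.
http_port 80 accel defaultsite=intranet.example.com
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=intranet login=PASS

# Basic authentication only. The helper name and path differ between
# Squid versions and distributions (assumption: Squid 3.x layout).
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm Intranet

acl intranet_site dstdomain intranet.example.com
acl authed proxy_auth REQUIRED
http_access allow intranet_site authed
http_access deny all

# Send only requests for the published site to the origin server.
cache_peer_access intranet allow intranet_site
cache_peer_access intranet deny all
```

`login=PASS` forwards the user's Basic credentials to the origin server, which is the case the reply describes where the web server also authenticates and the same user and password must be valid in both places. Basic credentials are sent unencrypted over plain HTTP, so a deployment reachable from outside would normally publish the site on an `https_port` instead.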
