Re: [squid-users] Transparent Proxy and Authentication

From: Roman Gelfand <rgelfand2_at_gmail.com>
Date: Sat, 23 Feb 2013 22:35:18 -0500

yep, it is an ip based authentication.

On Fri, Feb 22, 2013 at 8:40 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 23/02/2013 8:48 a.m., Roman Gelfand wrote:
>>
>> Please, consider the network topology below. I could always configure
>> outgoing http traffic on the firewall to authenticate with firewall
>> user. How is this different from having squid authenticate in
>> transparent mode?
>
>
> That is a good question. *How* is the firewall getting the clients to add
> Proxy-Authenticate headers to their traffic when they are not talking to a
> proxy?
>
> You either have clients who are so broken they transmit the users
> credentials to any attacker who wants to request them
>
> Or you are not doing HTTP authentication on the firewall.
>
> I think your firewall is not doing HTTP authentication. Perhapse it is doing
> RADIUS, with IP-based or MAC-based authorization.
>
> Amos
Received on Sun Feb 24 2013 - 03:35:29 MST

This archive was generated by hypermail 2.2.0 : Sun Feb 24 2013 - 12:00:05 MST