On Wed, 30 Mar 2005, [ISO-8859-1] Jonis Maurin Ceará wrote:
It's really impossible to run squid as transparent proxy (NAT) + authentication? :(
Yes. The HTTP protocol does not allow this, for obvious security reasons.
Anyone know any other solution?
You have to use some form of IP based authentication if you want authentication in an transparently intercepting proxy. But see below as I suspect you may be looking at the wrong path here due to misunderstanding of terminology.
I have my intranet server.....but now, i must access this server from outside but with some kind of password/authentication.
For this you need a reverse proxy, not transparent proxy.
A reverse proxy acts as if it was the web server, on authority by the web server owner. This can use authentication, but only if the web server as such does not (or if it does the same user+password must be used, and only Basic authentication).
A transparently intercepting proxy hijacks the users requests, acting by spoofing as if it was the web servers (all web servers in the whole world) on the TCP/IP level, but neither authoratively nor physically.
Regards Henrik
