Re: Solutions for transparent + proxy_auth?

On Mon, 2006-02-20 at 21:28 -0600, Steve Brown wrote:
> > http://squidwiki.kinkie.it/SquidFaq/InterceptionProxy
> 
> I'm confused by this link.  You tell me to "drop it" and point me to a
> page that has two paragraphs about why it *shouldn't* be done, then
> spends the next three pages describing all the ways it can be done?

It _can_ be done, and in some cases it's the best available solution.
HOWEVER if I remember correctly you want to authenticate users in a
transparent environment, and it won't work. It's not a squid bug, or
misfeature, it's actually a *browser feature*.

Quoting from that page (I added the chapter yesterday as it's an
all-time FAQ, it could use some proofreading ;)

====================
Interception Proxying works by having an active agent (the proxy) where
there should be none. The browser is not expecting it to be there, and
it's for all effects and purposes being cheated. If I were a user of
that browser, I would require it not to give away any credentials to an
unexpected party, wouldn't you? Especially so when it can do so without
notifying the user, like Microsoft browsers can do when the proxy offers
any of the Microsoft-designed authentication schemes
(see ../ProxyAuthentication and NegotiateAuthentication). 

In other words, it's not a bug, but a security feature.
====================

	Kinkie
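
An added example, not part of the original post: a small check for the configuration this thread is about, a squid.conf that both intercepts traffic and requires proxy_auth. The sample config is constructed, and the `transparent`, `intercept` and `tproxy` options on `http_port` are assumptions taken from Squid releases newer than this thread.

```python
# Flags http_access rules that depend on proxy_auth ACLs while any
# http_port is in interception mode (browsers will not answer the 407).

# Constructed sample config (not from the original post).
SAMPLE_CONF = """\
http_port 3128 intercept
http_port 8080
auth_param basic realm proxy
acl authed proxy_auth REQUIRED
acl localnet src 10.0.0.0/8
http_access allow authed
http_access deny all
"""

# Assumed http_port option names that put a port in interception mode.
INTERCEPT_FLAGS = {"transparent", "intercept", "tproxy"}


def parse(conf):
    """Yield (lineno, tokens) per directive line; '#' starts a comment
    (simplification: a '#' inside a regex ACL value is not handled)."""
    for n, line in enumerate(conf.splitlines(), 1):
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield n, tokens


def find_conflicts(conf):
    """Return [(lineno, acl_name, intercept_ports)] for each http_access
    rule that uses a proxy_auth ACL while interception is enabled."""
    intercept_ports, auth_acls, rules = [], set(), []
    for n, t in parse(conf):
        if t[0] == "http_port" and INTERCEPT_FLAGS & set(t[2:]):
            intercept_ports.append(t[1])
        elif t[0] == "acl" and len(t) >= 3 and t[2] == "proxy_auth":
            auth_acls.add(t[1])
        elif t[0] == "http_access":
            rules.append((n, t))
    if not intercept_ports:
        return []
    findings = []
    for n, t in rules:
        # ACL names may be negated with a leading '!'
        for acl in sorted({a.lstrip("!") for a in t[2:]} & auth_acls):
            findings.append((n, acl, list(intercept_ports)))
    return findings


if __name__ == "__main__":
    for lineno, acl, ports in find_conflicts(SAMPLE_CONF):
        print(f"line {lineno}: ACL '{acl}' needs proxy_auth, "
              f"but port(s) {', '.join(ports)} intercept traffic")
```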
