OK, I talked to the boss about this and he doesn't like my explanations. I need to better understand the reasons why not. > You wouldn't stand for your browser to submit > credentials to any old server that asks for it, ESPECIALLY when you, the > user, are not expecting it to hand out any information. Attempts to enforce > transparent proxying plus authentication will just fill your log files with > squid saying things like "authentication not required for accelerated > requests". In the specific scenario I mentioned, the browser isn't submitting any credentials. The traffic is being intercepted and routed through a local proxy which in turns forwards requests to a remote proxy w/ authentication. It seems to me that the browser is completely unaware that there is any interception taking place. Isn't that the point? > If you want authentication the best you will be able to do is allow requests > to the proxy (when they put the proxy information in their browser) and then > deny any port 80 traffic (unproxied traffic). If they remove the proxy > information, their web browsing will be met with a squid (or iptables) > access denied message until they replace the proxy information to how it > was. So what is the purpose of the login parameter for the peer_cache config option? Thanks for explanations.
