Eric ANDRE - SECURALIS wrote:
Hi mailing list,
According to the squid FAQ, the authentification is not possible in transparent mode because of browser security feature. Indeed, this last is not expecting the proxy. Nevertheless, is there someone who knows a bypass method? Deactivate this browser feature or something else?
It's not so much of a feature as reality.
http://www.squid-cache.org/mail-archive/squid-users/200506/0638.html
That said, there are two possibilities listed in the mailing list
archives. IP-based out of band authentication (the helper keeps a list
of IPs that have passed the authentication procedure, and redirects
non-authenticated IPs to said procedure) and cookie-based authentication
(which carries the problem of getting the browser to submit the cookie
for every web request, and filtering that cookie from the rest of the
world).
From what I understand, Squid 2.6 has a session helper that might be
used to help implement the IP-based authentication. See the man page in
the Squid source for usage.
The cookie-auth method is proposed at
http://www.squid-cache.org/mail-archive/squid-dev/200506/0034.html,
questioned at
http://www.squid-cache.org/mail-archive/squid-dev/200506/0035.html and
fleshed out some more at
http://www.squid-cache.org/mail-archive/squid-dev/200506/0039.html.
Thank you in advance of yours responses.
Eric ANDRE
Securalis | 10, rue Ballu | 75009 Paris
Tél +33.(0)1.53.43.06.06 | support 0 820 820 848
Fax +33.(0)1.53.01.29.44
eric.andre@xxxxxxxxxxxxx | www.securalis.com
Chris
