I need to configure a transparent proxy to an upstream authenticating proxy and I believe that Squid should be able to do this. I've been searching the net for months now and would really appreciate any advice or pointers. 1. I can not use the standard upstream cache peer methods because the upstream "Blue coat" proxy uses NTLM authentication and can not work with an intermediate proxy. I have no control over the upstream proxy. 2. The FAQ says authentication can not be run on a transparent proxy, this is acceptable because I do not want to authenticate on the transparent proxy, I want the transparent proxy to let the user authenticate to the upstream proxy. 3. I have considered using reverse proxy mode, if you think it is worth a try, please say so. >From the FAQ at SquidFaq/InterceptionProxy: Q: Why can't I use authentication together with interception proxying? A: Interception Proxying works by having an active agent (the proxy) where there should be none. The browser is not expecting it to be there, and it's for all effects and purposes being cheated or, at best, confused. As an user of that browser, I would require it not to give away any credentials to an unexpected party, wouldn't you agree? Especially so when the user-agent can do so without notifying the user, like Microsoft browsers can do when the proxy offers any of the Microsoft-designed authentication schemes such as NTLM. In other words, it's not a squid bug, but a browser security feature. Q: Can I use 'proxy_auth' with interception? A: No, you cannot. See the answer to the previous question. With interception proxying, the client thinks it is talking to an origin server and would never send the Proxy-authorization request header. PS. My OS is OpenSolaris. Thanks for the help Jaco Vosloo Software Architect "Most Enterprise Architecture frameworks help you plan where you are going. TOGAF, uniquely guides you along the way." To read WesBank's Disclaimer for this email click on the following address or copy into your Internet browser: https://www.wesbank.co.za/WesBankCoZa/about/legal/emaildisclaimer.jspx If you are unable to access the Disclaimer, send a blank e-mail to emaildisclaimer@xxxxxxxxxxxxx and we will send you a copy of the Disclaimer.
