mån 2009-07-27 klockan 13:19 +0200 skrev Vosloo, Jaco: > The browser is configured to use the upstream proxy. I want the > transparent proxy to be a MITM between the browser and the upstream > proxy and cache whatever can be cached. This is why I am wondering if a > reverse proxy in front of the upstream proxy might provide the solution? Thanks for your clarification. Your setup is much clearer to me now. You need to use the "login=PASS" argument in cache_peer when forwarding the traffic, and configure your Squid as a non-transparent proxy even if it has traffic redirected to it via NAT. The "transparent" option applies only when the browsers is not configured to use a proxy, not when the browser is configured to use a proxy but is being sent via NAT to another proxy than configured. If the upstream proxy is using Microsoft NTLM/Negotiate integrated login then you need to use a version of Squid that supports the needed HTTP protocol workarounds to support forwarding of this (as it completely violates HTTP message/transport semantics). That is currently means the legacy Squid-2.7 stable release or Squid-3.1 beta releases. Squid-3.0 does not support forwarding of NTLM/Negotiate authentication. If the upstream is relating authentication to the client IP (instead of request/connections) then you also need to use the tproxy feature, to make the proxy spoof using the client IP when talking to the upstream proxy. But this depends on how the upstream manages logged in sessions. Regards Henrik
