yep, it is an ip based authentication. On Fri, Feb 22, 2013 at 8:40 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 23/02/2013 8:48 a.m., Roman Gelfand wrote: >> >> Please, consider the network topology below. I could always configure >> outgoing http traffic on the firewall to authenticate with firewall >> user. How is this different from having squid authenticate in >> transparent mode? > > > That is a good question. *How* is the firewall getting the clients to add > Proxy-Authenticate headers to their traffic when they are not talking to a > proxy? > > You either have clients who are so broken they transmit the users > credentials to any attacker who wants to request them > > Or you are not doing HTTP authentication on the firewall. > > I think your firewall is not doing HTTP authentication. Perhapse it is doing > RADIUS, with IP-based or MAC-based authorization. > > Amos
