On 2014-07-01 21:23, Roberto PATRICOLO wrote:
> Hi all,
> I'm new to these environments, so I have a problem related to an
> application in an environment that uses NTLM authentication. This
> kind of authentication is not supported by the sw I'm using, so
> support told me that the best way to solve the issue is to install a
> Squid proxy server in order to use my box as a proxy without
> authentication internally, and use the Squid proxy to connect to
> another external proxy using the normal credential.

FYI: there are no "normal" credentials. There is only the authentication
scheme and credentials you choose to use.
The recent releases of Squid can connect to parent proxies with Basic
authentication or Negotiate/Kerberos authentication credentials.

> Hope my explanation is clear.
> Practically, my box with a Squid proxy server installed must receive
> the HTTP requests from my sw and use this proxy to connect without
> credentials to the external proxy with normal... and it, definitely,
> will connect to the internet site I'm searching for.
> How can I do this? What simple kind of configuration must I use
> in my Squid proxy server?

Default proxy configuration to start with.
* Configure a cache_peer entry pointing at the upstream proxy. Use the
login= option to configure the Basic authentication credentials your
Squid proxy is to use to login to the upstream peer.
At this point any client you permit to use the proxy can relay requests
to the upstream proxy (no authentication required by them). You can
choose to leave it like this, to set up an external_acl_type helper that
provides per-client credentials for the upstream proxy, or to set up auth
for the clients.
NTLM authentication with the client sw is covered in
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm. Be aware
that NTLM is starting to have problem reports registered against it. The
reasons vary between an undiscovered bug in Squid (suspected, not
proven) and NTLMv1 / LM support being disabled in many applications
nowadays (they can be decrypted by attackers in realtime faster than the
client can login).
HTH
Amos
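
A minimal squid.conf sketch of the setup described in the reply above, added here as an illustration and not part of the original thread. The peer hostname, port, client network and credentials are placeholders, not values from the thread.

```conf
# Added example: all hostnames, ports, networks and credentials below
# are placeholders chosen for illustration.

# Port the internal application points at (no client authentication).
http_port 3128

# Constructed client network: only these hosts may use this proxy.
acl app_clients src 192.0.2.0/24

# Upstream (parent) proxy. login= supplies the Basic credentials Squid
# presents to the peer; no-query disables ICP queries towards it.
cache_peer upstream.example.com parent 8080 0 no-query default login=PLACEHOLDER_USER:PLACEHOLDER_PASSWORD

# Force every request through the parent; never contact origins directly.
never_direct allow all

# Clients are not asked for credentials, so this source-address ACL is
# the only gate in front of the upstream account.
http_access allow app_clients
http_access deny all
```

Every request relayed this way reaches the upstream proxy under the single account in login=, and that value sits in clear text in squid.conf, so keep the client ACL narrow and restrict read access to the file.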