Re: [squid-users] Authenticate to Intranet

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 9 Dec 2003 21:22:44 +0100 (CET)

On Tue, 9 Dec 2003 jburzenski@americanhm.com wrote:

> The intranet page uses NT credentials to automatically authenticate the
> user. I enabled the always_direct option for the local servers but it looks
> like this does not do what I expected it to do (always_direct means never
> cache? My proxy is still in the middle of the connection). Is there
> another option I can enable to pass the credentials through seemlessly or
> even an option to tell the browser to connect to the intranet directly and
> bypass the proxy (without having to configure this options on the client
> side)?

If you want the browser to connect directly then this must be told to the
browser.

Once the browser has selected to use the proxy for the request all the
proxy can do is to either forwrad the request or deny the request with an
error.

Most prefer having browsers configured to go direct to Intranet
applications as there is usually no benefit from caching of these, and
also for authentication/authorization reasons.

The always_direct directive tells Squid that it can not use any cache_peer
while forwarding this request. It is not related to caching or if the
request is proxied via Squid or not.

To control caching you use the no_cache directive.

To control if the request is proxied via Squid or not you give correct
information in the browsers proxy settings regarding what should be
proxied or not. The use of a Proxy Autoconfig script is recommended for
this purpose in complex environment.

Regards
Henrik
Received on Tue Dec 09 2003 - 13:22:51 MST

This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:08 MST