≡ Menu

proxy authentication

Squid proxy authentication in transparent mode

Q. I was referring to your Squid transparent proxy configuration howto, and my question to you - can proxy authentication be done in transparent mode?

A. Short answer: noop, you cannot use Squid proxy authentication in transparent mode.

From official squid docs:

Authentication cannot be used in a transparently intercepting proxy as the client then thinks it is talking to an origin server and not the proxy. This is a limitation of bending the TCP/IP protocol to transparently intercepting port 80, not a limitation in Squid.

How to: Linux / UNIX setup Squid Proxy authentication

Q. I'm using Squid Cache Version 2.6.STABLE. It is configured perfectly and I'd like to know how do I allow squid to only authenticated users?

A. Squid can authenticate users if squid is configured to use proxy_auth ACLs. Browsers send the user's authentication credentials in the Authorization request header. If Squid gets a request and the http_access rule list gets to a proxy_auth ACL, Squid looks for the Authorization header. If the header is present, Squid decodes it and extracts a username and password.

If the header is missing, Squid returns an HTTP reply with status 407 (Proxy Authentication Required). The user agent (browser) receives the 407 reply and then prompts the user to enter a name and password. The name and password are encoded, and sent in the Authorization header for subsequent requests to the proxy.

Your Squid software comes with a few authentication helper programs. These include (click link below to open Squid cache authentication configuration tutorial):