lucas coudures wrote:
> I have a testing computer with squid and this is behind a ntml proxy
> in another computer.
> I am using this:
>
> cache_peer xxx.xxx.xxx.xxx parent 3128 0 default
This seems to indicate that Squid is not passing authentication, which
would make it the last proxy in the chain, but ...
>
> never_direct allow all
> i use never_direct because if i don't use this i get the time-out message
...this indicates that Squid is having to use another proxy.
>
> this is working ok, now i want to make squid transparent but i can't,
> in my home i have a adsl internet connection and squid transparent,
> this computer is connected to a router so i have always internet, and
> y use squid with:
> http_port xxx.xxx.xxx.xxx:3128 transparent
> and work ok, but when i use this rule behind NTML proxy doesn't work =(
>
>
The flow is a bit unclear to me. If it goes like...
Client -> Squid -> NTLM Proxy
... then Squid can't be "transparent"*, as you can't mix interception
proxies and authentication**. If the flow is like...
Client -> NTLM Proxy -> Squid
...then I don't see why it wouldn't work, assuming you have the
interception set up properly.
More information is needed, such as:
How doesn't it work when Squid is set up for interception?
How are you intercepting the traffic and sending it to Squid?
What does the flow actually look like?
Why do you need to set never_direct allow all? That lends credence to
the "Client -> Squid -> NTLM" setup, which won't allow for interception.
Chris
*Unless your browser is set up to use a proxy and you are intercepting
the traffic intended for THAT proxy. That might work. The reasons for
doing such a thing escape me...
** Technically, you can't mix "HTTP proxy authentication" with an
interception proxy. There are some clever hacks possible for
out-of-band authentication with a transparent setup.
Received on Fri Jun 08 2007 - 13:29:20 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT