Squid + SquidGuard + ( Transparent proxy & Proxy Authentication )
-
I'm trying to set up a transparent proxy with squid + squidguard for filtering, so that all the addresses that are permitted by the filter pass automatically, but the blocked addresses ask for a password. I know that it is not possible to use the default proxy auth when in transparent proxy, but what happens if in my network I have some machines that use only the transparent proxy and other ones that use the proxy specified in the browser config?
The first will only get output to permitted pages.
The second will get output to permitted pages without authentication, but if they try to access blocked pages, then the proxy will ask for authentication.
Manually it can be done with two ports, like 3128 for transparent proxy and 8080 for non-transparent proxy, but I want to know if something like this is possible with the webgui.
Thanks
-
Authentication doesn't work with transparent proxying. You need to actually have the clients contacting the proxy directly (setting the proxy port on the clients) in order for them to respond to the authentication request properly.
-
I know that. But I can have some users that use the transparent proxy and some other users that have configured the proxy. I want to authenticate the latter group while both of them need to pass the squidguard rules.
The problem is that I can't enable transparent proxy and user authentication at the same time in the proxy configuration with the default config. I was able to configure that using custom parameters.
The way I did it is setting the proxy as a transparent one with default parameters, and adding the auth rules just before the call to squidguard, all of this inside the squid custom parameters.
I also added a forward rule in the firewall that catches all the traffic from the local net (192.168.x.x/xxx) to some other net that is not the local net (! 192.168.x.x/xxx) on port 80, then I forwarded this traffic to localhost port 80, and all worked just like I wanted. So it is possible to do that with some tweaking, but it would be wonderful to have these parameters in the default configuration.
I think that it is also almost possible to have authentication with transparent proxy this way: if the browser is authenticated, then it passes OK; if not, then instead of the "error page" a "login to proxy page" is shown. After that, if logged in OK, a rule is configured on the proxy that makes a relation between browser IP and username for X minutes.
-
Try This:
Let your squid listen on the Optional Interface in non-transparent mode. Just forward all the HTTP traffic from the LAN interface to the Optional Interface where your squid is listening (default 3128). Since your squid is not going to be in transparent mode, you can enable authentication.
:)
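
The two-port arrangement discussed in this thread, written out as a squid.conf fragment. This is an added example, not configuration posted by any participant; the port name `explicit`, the helper and squidGuard paths, and the 192.168.1.0/24 range are assumptions, and the syntax is Squid 3.x.

```conf
# Added example. Paths, the port name and the address range are assumptions.
# Squid 3.x syntax ("intercept"; Squid 2.x used "transparent" instead).

# Listener for traffic redirected by the firewall (no authentication possible).
http_port 3128 intercept
# Listener for browsers that have the proxy configured explicitly.
http_port 8080 name=explicit

# Basic authentication helper and password file (assumed locations).
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm proxy
auth_param basic credentialsttl 2 hours

acl localnet src 192.168.1.0/24
acl explicit_port myportname explicit
acl authed proxy_auth REQUIRED

http_access deny !localnet
# Only requests arriving on the explicit port are challenged with a 407.
# The proxy_auth ACL is never evaluated for intercepted requests, because a
# browser does not answer a 407 from a proxy it was not configured to use.
http_access deny explicit_port !authed
http_access allow localnet
http_access deny all

# Every allowed request, from either listener, still goes through squidGuard.
url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
url_rewrite_children 5
```

Rule order matters here: the `!authed` test is placed after `explicit_port` on the same line so that Squid only looks for credentials once it has already matched the explicit listener.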