On Thu, 23 Sep 2004, Martyn Bright wrote:
A specific external site (that I do not control) the users need is https and not available via the remote proxy - squid goes to it directly.
I need the users to authorize before they connect to this specific site. Unfortunately with basic auth, IE helps(!!!) by offering to remember the users password details. I cannot allow this as the clients are accessible by the public and must not be able to get to the secure site without having to type in a password. I know I can disable this IE helper functionality in windows, but that will stop it for all sites which is not what I want.
I figured that if I pass authentication control to a web page of my own, I should be able to stop IE from interfering.
Not really. If IE understands this page contains a password form it still allows you to save the password...
And since the site is using https the proxy has no means of modifying the requests or add/delete any information while forwarding the request. All the proxy sees is that the browser wants to connect and do something at the requested side, nothing more.
If the site was using http then Squid would be able to use other means of providing the authentication credentials, but with https sites the encryption considerably limits the man-in-the-middle capabilities.
Regards Henrik
