On Thu, 30 Oct 2003 [EMAIL PROTECTED] wrote:

> The first is authentication.  That howto specifically says that you cannot 
> use authentication via transparency.

Correct.

Interception abuses fundamental TCP/IP design properties, and cannot 
solve all problems. It is generally an evil hack.

> The sole purpose of us using the proxy is for authentication.

Then you need to investigate other means of getting the users to use the 
proxy.

There are:
  * WPAD
  * Proxy-PAC files
  * Manual browser proxy settings
  * Blocking access to port 80 and 443, giving an error message 
instructing the user to reconfigure their browser to enable one of the 
above. (same technique as interception, but sending the traffic to a web 
server instead of the proxy).
  * Automatic login script settings to have the above settings done 
automatically at login time. This method is used in many corporate 
environments to automate the above.

> The second is because of https.  We have to allow https traffic, as well.

As above..

> Can anyone please verify these two pieces before I tell my boss no?  :-)

The information you have found is correct. Not much to add.

But it is not the end of the world. In the long run you will be better off 
if you don't go for interception anyway.

Regards
Henrik

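Of the alternatives Henrik lists, the Proxy-PAC file is the one that is itself a piece of code, so here is an added example of one (not from the thread, not Squid's own code). It assumes an authenticating proxy at proxy.example.com:3128 and an internal domain of example.com; both names are invented for the example. Plain hostnames, the internal domain and literal RFC 1918 addresses go direct; everything else, https included, is sent to the proxy, which is what makes the browser speak CONNECT and answer the proxy's authentication challenge. The helpers isPlainHostName(), dnsDomainIs() and isInNet() are supplied by the browser's PAC environment; they are reimplemented here so the file also runs stand-alone under Node for testing. The same file is what WPAD hands out: publish it as http://wpad.<your-domain>/wpad.dat with the content type application/x-ns-proxy-autoconfig and browsers with auto-detection enabled will pick it up without any manual settings.

```javascript
// Added example PAC file: send browser traffic to an authenticating proxy
// instead of intercepting it. Hostnames and port below are assumptions.
var PROXY = "PROXY proxy.example.com:3128";
var INTERNAL_DOMAIN = ".example.com";

// --- Helpers. Browsers provide these in the PAC environment; the copies
// --- here mirror the built-in semantics so the file runs under Node too.
function isPlainHostName(host) {
    return host.indexOf(".") === -1;
}

function dnsDomainIs(host, domain) {
    return host.length >= domain.length &&
        host.substring(host.length - domain.length) === domain;
}

// Parse a dotted-quad into an integer; -1 if it is not a valid IPv4 literal.
function ipToInt(ip) {
    var parts = ip.split(".");
    if (parts.length !== 4) return -1;
    var n = 0;
    for (var i = 0; i < 4; i++) {
        if (!/^\d{1,3}$/.test(parts[i])) return -1;
        var octet = parseInt(parts[i], 10);
        if (octet > 255) return -1;
        n = n * 256 + octet;
    }
    return n;
}

// Only ever called with a literal IP here, so unlike the browser built-in it
// never triggers a DNS lookup (slow, and it leaks the hostname before the
// proxy decision is even made).
function isInNet(host, pattern, mask) {
    var h = ipToInt(host), p = ipToInt(pattern), m = ipToInt(mask);
    if (h < 0 || p < 0 || m < 0) return false;
    // >>> 0 keeps the comparison unsigned; JS bitwise ops are 32-bit signed.
    return ((h & m) >>> 0) === ((p & m) >>> 0);
}

function isIpLiteral(host) {
    return /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
}

// --- The entry point every PAC file must define.
function FindProxyForURL(url, host) {
    host = host.toLowerCase();

    // Intranet names and the internal domain do not need the proxy.
    if (isPlainHostName(host) || dnsDomainIs(host, INTERNAL_DOMAIN)) {
        return "DIRECT";
    }

    // Literal private addresses go direct as well.
    if (isIpLiteral(host) &&
        (isInNet(host, "10.0.0.0", "255.0.0.0") ||
         isInNet(host, "172.16.0.0", "255.240.0.0") ||
         isInNet(host, "192.168.0.0", "255.255.0.0"))) {
        return "DIRECT";
    }

    // Everything else goes through the authenticating proxy. There is
    // deliberately no "; DIRECT" fallback: if the proxy is down the browser
    // fails closed rather than silently bypassing authentication.
    var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
    if (scheme === "http" || scheme === "https" || scheme === "ftp") {
        return PROXY;
    }

    // Schemes the proxy does not handle; the firewall decides their fate.
    return "DIRECT";
}
```

Pair the file with the port 80/443 block Henrik describes: the PAC gets honest browsers to the proxy, and the block catches anything that ignores it. Note also that 172.32.0.0/16 is not part of 172.16.0.0/12, a common mistake in hand-written PAC rules, which is why the mask is spelled out as 255.240.0.0.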