Chris Perreault wrote: > > There was a patch, just mentioned recently, that was posted here about a > month ago. We had it created for us to do the following: > > In reverse proxy (accelerated mode): > > User wants to hit internal webserver. > > Browser sends the user to the proxy which uses a redirector that sends > them > to a webpage. The webpage collects username/password from the user and > auth's against a ldap directory. At that point we can also modify the > headers, create headers, copy headers, etc and then, if authenticated OK, > they are allowed to continue on their way. If not they get an error via a > webpage on the same validated webserver. (Apache in this case).
Can you recall the thread it was discussed in, I can't find it. I am not sure if I am using a sledgehammer to crack a nut here. My scenario is:- Local user always uses local squid proxy to access all web content. The local squid forwards to a remote proxy (not squid) that does not require authentication. A specific external site (that I do not control) the users need is https and not available via the remote proxy - squid goes to it directly. I need the users to authorize before they connect to this specific site. Unfortunately with basic auth, IE helps(!!!) by offering to remember the users password details. I cannot allow this as the clients are accessible by the public and must not be able to get to the secure site without having to type in a password. I know I can disable this IE helper functionality in windows, but that will stop it for all sites which is not what I want. I figured that if I pass authentication control to a web page of my own, I should be able to stop IE from interfering. Thanks for the input Martyn