On 23/02/2013 8:48 a.m., Roman Gelfand wrote:
Please, consider the network topology below. I could always configure
outgoing http traffic on the firewall to authenticate with firewall
user. How is this different from having squid authenticate in
transparent mode?
That is a good question. *How* is the firewall getting the clients to
add Proxy-Authenticate headers to their traffic when they are not
talking to a proxy?
You either have clients who are so broken they transmit the users
credentials to any attacker who wants to request them
Or you are not doing HTTP authentication on the firewall.
I think your firewall is not doing HTTP authentication. Perhapse it is
doing RADIUS, with IP-based or MAC-based authorization.
Amos
