I have a Squid Proxy server (Debian) working perfectly with authentication:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
I'd also like clients that try to get web pages using the proxy as a gateway (port 80) to get redirected to port 3128.
I've tried iptables:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
without luck because in that case my port 80 clients get an error:
The following error was encountered:
Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:
Missing or unknown request method
Missing URL
Missing HTTP Identifier (HTTP/1.0)
Request is too large
Content-Length missing for POST or PUT requests
Illegal character in hostname; underscores are not allowed
So I decided to simply let Squid listen on both ports, 3128 and 80, by modifying squid.conf:
http_port 80
http_port 3128
What happens?
A client regularly connecting to 3128 has to enter a password, and a client without a proxy configured (and therefore working on port 80, because the Squid box is also the firewall / router and gateway of our small network) can surf the internet without entering user/pass.
How can I solve the problem?
Iptables or squid.conf I don't care.
Best Answer
Put the transparent proxy to listen on port 3129, and redirect every request coming in on port 80 to it:
Squid.conf:
This way, the transparent proxy will be the default option, and people who use it authenticated have to configure proxy:3128 in their browsers.
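One possible squid.conf for the two-port layout this answer describes (an added example, not the answerer's own configuration); browsers that are not configured for a proxy will not answer a 407 challenge, so the intercept port cannot require proxy authentication and is limited by source address instead. Assumptions: Squid 3.1 or later (releases 2.6 to 3.0 spell the intercept flag "transparent"), a constructed LAN range of 192.168.0.0/24, hypothetical port names "explicit" and "intercepted", and the question's iptables rule changed to end in --to-port 3129.

```conf
# Explicit proxy port: browsers are configured with proxy:3128 and get a 407 prompt.
http_port 3128 name=explicit
# Intercept port: only receives port-80 traffic redirected by iptables.
# Do not expose 3129 to clients directly; block it in the INPUT chain if needed.
http_port 3129 intercept name=intercepted

# Authentication helper, as given in the question.
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd

acl lan src 192.168.0.0/24            # constructed value: use your own LAN range
acl on_explicit myportname explicit   # hypothetical port name from http_port above
acl on_intercepted myportname intercepted
acl authed proxy_auth REQUIRED

# Nothing from outside the LAN may use either port.
http_access deny !lan
# Intercepted clients cannot authenticate, so the source-address check above is
# the only control on them. Drop this line to force everyone onto 3128.
http_access allow on_intercepted
# Explicit clients must present valid credentials; "authed" is last on the line
# so that missing credentials trigger a 407 challenge.
http_access allow on_explicit authed
http_access deny all
```

Removing the "allow on_intercepted" line keeps the redirect in place but makes Squid refuse intercepted requests, which pushes every client to configure proxy:3128 and authenticate.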