Transparent Authentication

We have set up Squid box to transparently intercept HTTP and HTTPS traffic. We would like to enforce proxy authentication. Is it possible?

Unfortunately this is not possible.

Proxy authentication works by challenging the browser with authentication prompts. When browser tries to connect to a resource that needs to be authenticated Squid denies the connection asking browser to authenticate. In case of transparent deployments browser does not know that there is Squid in between and will then silently refuse to provide user credentials when challenged. This behavior is by design.

Starting from Web Safety 6.0 it is possible to imitate the proxy authentication on transparent connections by mapping the IP address of the connecting browser to known Active Directory name for example. For more information see project https://github.com/diladele/active-directory-inspector. Please note this method is only applicable if one user uses one device. It will not work in case of Terminal Server or people roaming between the workstations.