Since WPA is so flaky under Linux with the Westel's provided by Verizon DSL I often connect to my kid's wireless network which is sort of wide open. When I connect I've been using the built-in SOCKS proxy in SSH but I've started using Opera (9.6) since the font rendering is a little nicer on the eyes, but it doesn't support SOCKS?
Oh I know I could come up with selective authorization under squid depending on if I login or the kids do, but I'm too lazy for that so I decide. But to find an HTTP proxy other than squid that supports authentication and is available as a Debian package. Pretty tough. Zorp looked interesting but too painful.
So I've used Apache as a reverse proxy but never a normal forward proxy. Maybe all the cool authentication methods that work with Apache would work with mod_proxy?
Well I had nothing better to do while waiting for my daughter to fall asleep tonight. Damn red velvet cake my wife made had her totally wired. And I'm shocked as hell I got all this working, since I'd never even done Digest Authentication before on anything.
These are the modules you will need enabled although most of these were dependences: mod_proxy, mod_digest I think were the only ones I added.
alias.load autoindex.load proxy.conf
auth_basic.load cgid.conf proxy_connect.load
auth_digest.load cgid.load proxy_http.load
authn_file.load dir.conf proxy.load
authz_default.load dir.load setenvif.load
authz_groupfile.load env.load ssl.conf
authz_host.load mime.load ssl.load
authz_user.load negotiation.load status.load
So this works on Firefox 3.0.3 and Opera 9.6 but SSL is not properly forwarded with IE7 despite applying the MSIE BrowserMatch
Here are some the errors I had along the way...
[Sat Oct 11 19:46:34 2008] [warn] proxy: No protocol handler was valid for the URL sitecheck2.opera.com:443. If you are using a DSO ve
rsion of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sat Oct 11 20:18:48 2008] [crit] [client 192.168.10.128] configuration error: couldn't perform authentication. AuthType not set!: ht
[Sat Oct 11 20:37:59 2008] [error] [client 192.168.10.128] Digest: user `mfranz' in realm `Blah' not found: http://gmail.com/
And the Error I get on IE7
[Sun Oct 12 08:12:45 2008] [error] [client 192.168.10.129] Digest: uri mismatch
- > does not match request-uri