[squid-users] proxy authentication for users hidden behing a NAT device
scenario: users use a client/browser which is located on the company lan using a private IP address the company lan is protected by a firewall which translates all web access into one public IP address the proxy is implemented as a 'cloud service' which does only see the translated (nat'ed) public ip for all clients/browsers in this company i am curious if there exists a solution which works for IE, firefox, opera, ... had a look at: - X-Client-IP header - Flash Local Stored Objects - HTTP Cookies but neither seems to match for my scenario ;( any ideas or has anyone implemented such a solution yet? thank you /pat
Re: [squid-users] proxy authentication for users hidden behing a NAT device
On 01/05/2011 23:58, patrick.oesch...@bluewin.ch wrote: scenario: users use a client/browser which is located on the company lan using a private IP address the company lan is protected by a firewall which translates all web access into one public IP address the proxy is implemented as a 'cloud service' which does only see the translated (nat'ed) public ip for all clients/browsers in this company i am curious if there exists a solution which works for IE, firefox, opera, ... had a look at: - X-Client-IP header - Flash Local Stored Objects - HTTP Cookies but neither seems to match for my scenario ;( any ideas or has anyone implemented such a solution yet? thank you /pat cookies... the ip address is only one part of it. you should use some central authentication in the proxy that will work by auth helper cookie based. i havent used auth mechanizes in squid but i know it works for a lot more then what you have. Regrads Eliezer
Re: [squid-users] proxy authentication for users hidden behing a NAT device
*hmmm* squid auth framework looks promising but cookies are domain-bound... or can i set a cookie which is sent for every get/post request? what about downloads using wget? BR /pat Sent from Pat's iPhone On 02.05.2011, at 00:05, Eliezer Croitoru elie...@ec.hadorhabaac.com wrote: On 01/05/2011 23:58, patrick.oesch...@bluewin.ch wrote: scenario: users use a client/browser which is located on the company lan using a private IP address the company lan is protected by a firewall which translates all web access into one public IP address the proxy is implemented as a 'cloud service' which does only see the translated (nat'ed) public ip for all clients/browsers in this company i am curious if there exists a solution which works for IE, firefox, opera, ... had a look at: - X-Client-IP header - Flash Local Stored Objects - HTTP Cookies but neither seems to match for my scenario ;( any ideas or has anyone implemented such a solution yet? thank you /pat cookies... the ip address is only one part of it. you should use some central authentication in the proxy that will work by auth helper cookie based. i havent used auth mechanizes in squid but i know it works for a lot more then what you have. Regrads Eliezer
Re: [squid-users] proxy authentication for users hidden behing a NAT device
On Mon, 02 May 2011 01:05:14 +0300, Eliezer Croitoru wrote: On 01/05/2011 23:58, patrick.oesch...@bluewin.ch wrote: scenario: users use a client/browser which is located on the company lan using a private IP address the company lan is protected by a firewall which translates all web access into one public IP address the proxy is implemented as a 'cloud service' which does only see the translated (nat'ed) public ip for all clients/browsers in this company i am curious if there exists a solution which works for IE, firefox, opera, ... had a look at: - X-Client-IP header - Flash Local Stored Objects - HTTP Cookies but neither seems to match for my scenario ;( any ideas or has anyone implemented such a solution yet? Proper standards compliant HTTP authentication works for all browsers regardless of the IP routing tricks. http://wiki.squid-cache.org/Features/Authentication Amos