[squid-users] squid authentication and redirection

2009-04-08 Thread Rudy Gevaert
Dear Squid users,

I was wondering if the following can be accomplished in squid:

Say, a user starts using the proxy
1 he is not logged in, so he gets redirected to a webpage over https
2 the webpage authenticates him, and sets a cookie in his browser
3 he is then redirected to the original url he was surfing to
4 squid checks if the cookie is valid and authenticates the user
5 the user can surf till he closes his browser 

In step 4 we never go to the authentication webpage unless the cookie is
not valid.  

In the background we would then run a script that parses the log file
and updates a database.  So the next time a user logs in we can deny him
access.

The current solutions I have found have the following problems:
- they use basic authentication, so the password is sent in clear text over
  the wire
- they redirect all requests to a redirect url


Can it be done with squid?

Thanks in advance,
-- 
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert  rudy.geva...@ugent.be  tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur  Direction ICT, Infrastructure dept.
Groep Systemen Systems group
Universiteit Gent  Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie   www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 


Re: [squid-users] squid authentication and redirection

2009-04-08 Thread Amos Jeffries
> Dear Squid users,
>
> I was wondering if the following can be accomplished in squid:
>
> Say, a user starts using the proxy
> 1 he is not logged in, so he gets redirected to a webpage over https
> 2 the webpage authenticates him, and sets a cookie in his browser
> 3 he is then redirected to the original url he was surfing to
> 4 squid checks if the cookie is valid and authenticates the user
> 5 the user can surf till he closes his browser
>
> In step 4 we never go to the authentication webpage unless the cookie is
> not valid.
>
> In the background we would then run a script that parses the log file
> and updates a database.  So the next time a user logs in we can deny him
> access.
>
> The current solutions I have found have the following problems:
> - they use basic authentication, so the password is sent in clear text over
>   the wire
> - they redirect all requests to a redirect url
>
>
> Can it be done with squid?

Yes. But it's very complicated.

Since you are calculating your database of 'not okay' users based on IPs
you can drop the whole cookie thing and simply create an external_acl_type
helper that checks the current database records directly for each request.

Using an external helper lets you do:
 .. define external helper and ACL 'LoggedIn'

 deny_info https://exmaple.com/login_page LoggedIn
 http_access deny !LoggedIn
 http_access allow LoggedIn

Amos

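One way the external_acl_type helper suggested in the reply above could look, as an added example that is not part of the original thread and not Squid project code. It assumes the login page and the log-parsing script share a SQLite file with hypothetical tables `sessions(ip, expires)` and `blocked(ip)`, that Squid passes only %SRC to the helper, and that helper concurrency is off; the helper path, ACL type name and database path are likewise hypothetical.

```python
#!/usr/bin/env python3
"""Squid external ACL helper: answers OK/ERR per client IP (added example).

Assumed squid.conf wiring (helper path and ACL type name are hypothetical):
  external_acl_type session_check ttl=60 negative_ttl=0 %SRC /usr/local/bin/session_helper.py
  acl LoggedIn external session_check
"""
import ipaddress
import sqlite3
import sys
import time

DB_PATH = "/var/lib/squid/sessions.db"  # hypothetical path, written by the login page

SCHEMA = """
CREATE TABLE IF NOT EXISTS sessions (ip TEXT PRIMARY KEY, expires INTEGER NOT NULL);
CREATE TABLE IF NOT EXISTS blocked  (ip TEXT PRIMARY KEY);
"""

def decide(conn, line, now=None):
    """Return 'OK' if the client IP on this request line has a live session
    and is not blocked, else 'ERR'. Anything unparsable fails closed."""
    now = int(time.time()) if now is None else now
    fields = line.split()
    if len(fields) != 1:
        return "ERR"
    try:
        ip = str(ipaddress.ip_address(fields[0]))  # validate and normalise
    except ValueError:
        return "ERR"
    if conn.execute("SELECT 1 FROM blocked WHERE ip = ?", (ip,)).fetchone():
        return "ERR"
    row = conn.execute("SELECT expires FROM sessions WHERE ip = ?", (ip,)).fetchone()
    return "OK" if row and row[0] > now else "ERR"

def main():
    conn = sqlite3.connect(DB_PATH)
    conn.executescript(SCHEMA)
    for line in sys.stdin:          # Squid sends one lookup per line
        try:
            answer = decide(conn, line)
        except sqlite3.Error:
            answer = "ERR"          # database trouble: deny rather than allow
        sys.stdout.write(answer + "\n")
        sys.stdout.flush()          # Squid waits for each reply; never buffer

if __name__ == "__main__":
    main()
```

Because the decision keys on the source IP alone, every client behind the same NAT address shares one login state, and the `ttl=` value bounds how long a revoked or expired session keeps working from Squid's cache.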
