On Mon, 15 Sep 2003, WA Support wrote: > Currently I have squid-3 configured to authenticate user to access the > proxy. I assume that squid binds the authenticated username with the > thread or session id, is this correct?
Neither. Squid does not bind the authenticated username to any kind of session. The browser does bind the username to the current browsing session, and provides the user credentials on each and every request to the proxy. > Now, what I would like to do is NOT require authentication to squid, but > be able to have a user login to to a system that I am writing that will > allow them to override the squidGuard redirection call in redirectStart. Ok. Then you need to figure out how this other system outside of Squid is to communicate the reqults to Squid making it available to redirectStart. Also you need to decide on what to keep as session identifier. Basically only the source IP address of the user is available as possible source for session identifier when not using proxy authentication. > The way I would like to work this is when the user submits a username > and password to go into override mode, squid will add this user to > authenticateUserRequestUsername(http->request->auth_user_request and > bind it to the current session id or thread. Won't work with the above.. for these structures to at all exists you need to use authentication in Squid. But is is not terribly important. > Then each time through redirectStart, squid just check to see if > authenticateUserRequestUsername(http->request->auth_user_request is > !NULL. If !NULL, then bypass redirect call. Ok, but you need to find another place to store this if you are not using proxy authentication in Squid. Regards Henrik
