Re: authentication problem

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 29 Oct 1999 03:50:20 +0200

J|rgen Sandner wrote:

> The problem:
> people without the right to fetch pages from the internet can view the pages,
> that are in the cache.
> I had something in mind, that squid shouldn't cache those pages, because they
> should be considered as "private".

No, the pages as such are not private. Your access rules does not change
a pages status from public to private.

Squid is intentionally designed in this way to allow the use of proxy
authentication in a caching hierarchy.

What you really are looking for is the possibility to authenticate the
user at multiple levels in your cache mesh to allow each cache to apply
access control rules based on the user identity. Doing this currently
requires a small patch in http.c to not remove the authorization header,
or to set up specialized authentication between the caches and only
authorize users at the inner borders (first cache receiving the request
from the user).

--
Henrik Nordstrom
Squid hacker
Received on Thu Oct 28 1999 - 20:27:25 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:49:07 MST