On Thu, 2003-02-06 at 09:41, Henrik Nordstrom wrote:
> David O'Sullivan wrote:
>
>
> > The problem is that what I would like is for users to be initially presented
> > with a disclaimer form which they must accept before the proxy
> > authentication is offered. If they don't accept they are not allowed through
> > the proxy and presented with a decline screen.
>
> This is a little tricky.. requires you to implement a kind of database
> which keeps track of users who have accepted the policy, without knowing
> the user..
>
> If you can accept to identify users by their IP address then this kind
> of access control can probably be implemented, but it is not an very
> easy task.
Here's an approach:
Requests without authentication are redirected to the policy page, with
the original page in a cookie/form submission. The policy page sets a
cookie "POLICY ACCEPTED" when the user accepts the policy. The policy
web server *must* be accessed via squid.
When a request to the policy webserver, with a policy accepted cookie,
is seen, authentication is triggered, and the user redirected back to
the originally requested page.
After that the browser will send authentication to the proxy
automatically, for that session. (May only work for basic
authentication).
Rob
-- GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:15 MST