Re: [squid-users] ACL to match arbitrary reply header, in-memory fast authentication

From: Robert Collins <robertc@dont-contact.us>
Date: 05 Aug 2003 07:11:17 +1000

On Tue, 2003-08-05 at 06:34, Joshua Brindle wrote:
> Ok, I'm not sure if this makes sense but I have some special needs
> and can't quite figure out how to implement them.

I'm a little short on time right now, but a few thoughts may help you...

Firstly, the latency on an external helper, combined with squid's result
caching is /unlikely/ to be an issue - when compared to typical internet
site RTT.

Secondly, forms-based authentication has been discussed several times
here. It's a bit of a 'brew-your-own' solution. You can do it without
altering the source (from memory - look it up in the archives for
previous discussions). Use a redirector (where you want to trigger
authentication) to redirect the user (remember, you can have squid fetch
the redirected page itself, preventing squid-client latency) to your
webserver with the form logic on it, saving their request (don't forget
to take care of POST data!) while you authenticate them, and then pass
them back to the original site. Make sure that access to that webserver
is also done via squid. Finally, add an external acl that you can pass
whatever cookie or url details you set in the forms authentication, and
it will provide squid with the login details. Lastly, you just use that
acl as normal in your http access rules.

Lastly, checking for your X- headers is trivial via a second external
acl.

I suspect you'll find squid-3.0 much easier to accomplish this with.

Cheers,
Rob

-- 
GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.

Received on Mon Aug 04 2003 - 15:11:35 MDT
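
Added example (not from the original message or from the Squid project): an external ACL helper for the forms-authentication step described above, which turns the cookie set by the login form into a username for Squid. The cookie name, signed token format, shared key, helper path and ACL names are assumptions, as is URL-escaped input from Squid.

```python
#!/usr/bin/env python3
"""Squid external ACL helper: map a form-login cookie to a username.

Assumed squid.conf wiring (helper path and ACL names are hypothetical):
  external_acl_type form_session ttl=60 %{Cookie} /usr/local/bin/form_session.py
  acl form_authed external form_session
  http_access allow form_authed
"""
import base64, hashlib, hmac, sys, time
from urllib.parse import unquote

SECRET = b"constructed-demo-key"  # assumption: key shared with the login web server
COOKIE = "proxy_session"          # assumption: cookie name set by the login form

def _mac(body, secret):
    return hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()

def make_token(user, expires, secret=SECRET):
    """Token the login server would issue: base64url("user|expiry|hmac")."""
    body = f"{user}|{expires}"
    return base64.urlsafe_b64encode(f"{body}|{_mac(body, secret)}".encode()).decode()

def check_line(line, now=None, secret=SECRET):
    """Return the reply ("OK user=..." or "ERR") for one lookup line from Squid."""
    now = time.time() if now is None else now
    header = unquote(line.strip())  # assumption: Squid sends the value URL-escaped
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name != COOKIE:
            continue
        try:
            user, expires, mac = base64.urlsafe_b64decode(value).decode().split("|")
            fresh = int(expires) > now
        except ValueError:          # bad base64, bad UTF-8, wrong field count
            return "ERR"
        good = _mac(f"{user}|{expires}", secret)
        # Constant-time compare; alphanumeric-only user keeps the reply line clean.
        if hmac.compare_digest(mac.encode(), good.encode()) and fresh and user.isalnum():
            return f"OK user={user}"
        return "ERR"
    return "ERR"                    # no session cookie: not authenticated

def main():
    for line in sys.stdin:          # one lookup per line, one reply per line
        sys.stdout.write(check_line(line) + "\n")
        sys.stdout.flush()          # Squid blocks waiting for each reply

if __name__ == "__main__":
    main()
```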
