Re: [squid-users] Auth Questions

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 13 Nov 2003 09:50:46 +0100 (CET)

On Wed, 12 Nov 2003, Alex Collins wrote:

> 1) Could this session cookie based auth possibly work with squid. I'm
> 100% open to suggestions.

Session cookie auth schemes works with web sites, not general Internet
proxies. This is because cookies are connected to domains visited, not
proxy servers, and also considered a property of the request to be sent to
the web server by the HTTP protocol.

What this means is that you can use cookie auth schemes in a Squid running
as a surrogate/reverseproxy server infront of your (or specific) web
sites, but not in a Squid running as a general Internet HTTP proxy.

> 2) I'd also like to avoid the User Config of the .pac file URL - maybe
> auto send it as required - can this be done ?

If you want the browser to use a specific proxy then the browser needs to
be told this via the configuration methods supported by the browser. What
methods are applicable depends on how much control you have over the
environment where the browser runs.

> 3) Could a small java app push everything through the proxy after they
> are authenticated and identified as being off campus? Maybe sent from
> the squid server, maybe a.n.other web server. This could also help
> eliminate a further set of issues relating to Citrix ICA stuff.

Don't quite follow this.

> 4) Am I totally barmy for even attempting this in the first place ?

Maybe, maybe not.

Regards
Henrik
Received on Thu Nov 13 2003 - 01:53:19 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:16 MST