The biggest problem here is that authentication is not compatible with
transparent redirection
(http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.16). Fix that minor
issue, and authentication will give you a one-to-one relationship between
requests and surfers.

Another option would be to have a squid server in each of the three offices
transparently intercepting requests and forwarding those requests to the main
squid server. I think there's a patch to use the "X-Forwarded-For" IP in
the logs. Then again, that's adding a lot of complexity.

Perhaps a better method would be to push the natting outside of the squid
server. Keep the private networks, but route them instead of natting them.
Use NAT at the internet gateway. Again, a complex solution, but possibly
the most elegant.

Chris

-----Original Message-----
From: Matthew J. Brown [mailto:mjb@srinc.biz]
Sent: Thursday, January 20, 2005 11:12 AM
To: squid-users@squid-cache.org
Subject: [squid-users] Authentication

Greetings,

I'm the systems administrator for 3 offices all located within one building.
Each office has their own private network and every request out to port 80
from the network is forced through Squid via iptables/portforwarding.

Here's my question. Given that each office has their own private network,
Squid only sees the IP address of the routers and not of each individual
client IP.

What I would like is to be able to log a client IP/username/machine
name/something along with the http request. I've been playing around with
Squid authentication but have not had much luck getting it to work. Would
this even accomplish my goal? If so, how does one turn on authentication
within Squid?

I've compiled the basic module and enabled everything I believe there is to
be enabled according to the Squid docs. I've configured my ACLs according
to what I've read on the web and when I turn it all on, I get "Access
denied", rather than a prompt to log in.

Any help is appreciated.

Thanks!

- Matt

Received on Thu Jan 20 2005 - 15:14:07 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:36 MST
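
The attribution problem discussed in this thread, as an added example that is not part of the original messages: a small parser for Squid's native access.log layout that separates requests carrying a user name from requests that can only be traced to a NAT router address. The log lines, addresses and user names are constructed, and the example assumes the default native format, where the eighth column holds the user name when one is available and "-" otherwise.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/code bytes method URL user hierarchy/peer type
# 192.168.0.1 and 192.168.0.2 stand in for two office routers doing NAT.
SAMPLE_LOG = """\
1106236447.101    120 192.168.0.1 TCP_MISS/200 5120 GET http://example.com/ alice DIRECT/203.0.113.10 text/html
1106236448.202     80 192.168.0.1 TCP_HIT/200 2048 GET http://example.com/logo.png bob NONE/- image/png
1106236449.303    200 192.168.0.2 TCP_MISS/200 9000 GET http://example.org/ - DIRECT/203.0.113.20 text/html
1106236450.404     15 192.168.0.1 TCP_DENIED/407 1500 GET http://example.net/ - NONE/- text/html
"""

def parse_line(line):
    """Split one native-format line into the fields used for attribution."""
    parts = line.split()
    if len(parts) < 10:
        return None  # truncated or foreign-format line
    action, _, status = parts[3].partition("/")
    return {"client": parts[2], "action": action, "status": status,
            "url": parts[6], "user": parts[7]}

def attribute(log_text):
    """Return (requests per user, requests that only carry a router IP)."""
    by_user = defaultdict(list)
    unattributed = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["user"] == "-":
            # Only the NAT router address is known for this request.
            unattributed[rec["client"]].append(rec)
        else:
            by_user[rec["user"]].append(rec)
    return dict(by_user), dict(unattributed)

if __name__ == "__main__":
    users, anonymous = attribute(SAMPLE_LOG)
    for user, recs in sorted(users.items()):
        print(user, [r["url"] for r in recs])
    for ip, recs in sorted(anonymous.items()):
        print("no user, source", ip, [(r["status"], r["url"]) for r in recs])
```

In the sample, alice and bob share one router address and are only distinguishable by the user column, while the remaining requests can be tied to an office but not to a person.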