Re: [squid-users] transparent proxy + auth

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 1 May 2005 16:20:06 +0200 (CEST)

On Sun, 1 May 2005, S.M.H. Hamidi wrote:

> This solution only works when there is a one-to-one
> mapping between users and ip addresses but imagine
> circumstances where all users have same ip addresses(
> e.g. terminal server users).
>
> The definite solution to this problem is
> "cookie-based authentication" which is implemented by
> some commercial products like bluecoat ProxySG
> (http://www.bluecoat.com/downloads/support/BCS_tb_enabling_transparent_auth.pdf)
>
> and Novell BoarderManager
> (http://support.novell.com/techcenter/articles/cfa03332.html)

This is doable as well, using the exact same mechanism.

But you probably want to extend Squid slightly to filter out that cookie
on the forwarded requests to not leak session information to the web
servers.

Regards
Henrik
Received on Sun May 01 2005 - 08:20:13 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:02 MDT