Re: [squid-users] Authentication Hack

From: <jonr@dont-contact.us>
Date: Fri, 29 Feb 2008 11:57:12 -0900

Quoting Dave Coventry <dgcoventry@gmail.com>:

> I understand that transparent proxy cannot ask the browser for
> Authentication because the browser is not aware of the existence of
> the proxy.
>
> I can't believe that there is not a work-around for this...
>
> I have several laptops on my network which are used on other networks,
> so I need the connection through the proxy to be "automagic" to the
> extent that I don't need to ask my CEO to reconfigure his browser
> everytime he comes into the office. But I also need to be able to
> track web usage.
>
> I have thought up a hack involving the following:
> I can set up a file containing an ip address on each line /etc/squid/iplist.
>
> Then I set up the squid.conf to have the following line:
>
> acl authorisedip src "/etc/squid/iplist"
>
> I changed the ERR_ACCESS_DENIED file to contain a form which calls a
> perl program (catchip.pl) passing it a username and password which, if
> correct, appends the user's ip to the /etc/squid/iplist file.
> (removing the IP when the user closes his browser would be trickier).
>
> However, this all falls down because it appears that the file is only
> parsed on startup which sort of subverts it's usefulness.
>
> I can't believe that this avenue has not been fully explored. Can
> anyone comment on this hack?
>
> Is there a simpler method of getting this done?
>

Have you looked into a .pac file? It can be configured to tell look
for which network you are on and depending either go through your
internal proxy or if outside to use the external address.

Hope that helps,

Jon
Received on Fri Feb 29 2008 - 13:57:46 MST

This archive was generated by hypermail pre-2.1.9 : Sat Mar 01 2008 - 12:00:06 MST