> Dear Squid users,
>
> I was wondering if the following can be accomplished in squid:
>
> Say, a user starts using the proxy
> 1 he is not logged, so he gets redirected to a webpage over https
> 2 the webpage authenticates him, and sets a cookie in his browser
> 3 he is then redirected to the original url he was surfing to
> 4 squid checks if the cookie is valid and authenticates the user
> 5 the user can surf till he closes his browser
>
> In step 4 we never go to the authentication webpage unless the cookie is
> not valid.
>
> In the back ground we would then run a script that parses the log file
> and updates a database. So the next time a user logs in we can deny him
> access.
>
> The current solutions I have found have the following problems:
> - they use basic authentication, so password is sent in clear text of
> the wire
> - they redirect all requests to a redirect url
>
>
> Can it be done with squid?
Yes. But its very complicated.
Since you are calculating your database of 'not okay' users based on IPs
you can drop the whole cookie thing and simply create an external_acl_type
helper that checks the current database records directly for each request.
Using an external helper, lets you do:
.. <define external helper and ACL 'LoggedIn'>
deny_info https://exmaple.com/login_page LoggedIn
http_access deny !LoggedIn
http_access allow LoggedIn
Amos
>
> Thanks in advance,
> --
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Rudy Gevaert Rudy.Gevaert_at_UGent.be tel:+32 9 264 4734
> Directie ICT, afd. Infrastructuur Direction ICT, Infrastructure dept.
> Groep Systemen Systems group
> Universiteit Gent Ghent University
> Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>
Received on Thu Apr 09 2009 - 03:26:35 MDT
This archive was generated by hypermail 2.2.0 : Thu Apr 09 2009 - 12:00:02 MDT