Re: [squid-users] Session Tracking

From: Matt Cochran <matt.cochran_at_yahoo.com>
Date: Thu, 15 Sep 2011 06:36:20 -0700 (PDT)

Thanks, Amos. I'm trying to apply different rules to different users coming from behind a firewall, i.e. so that the kids can go to only their sites and the adults to anywhere. I'd like to make it such that authentication can be handled by my own UI, and that authenticating one user doesn't change the permissions for another. I was looking at the session auth handler example in 3.2 and noted that it appeared to be using IP addresses to track users. I'm just thinking through scenarios right now, so if I'm making a problem out of nothing please feel free to set me straight. Matt ----- Original Message ----- From: Amos Jeffries <squid3_at_treenet.co.nz> To: squid-users_at_squid-cache.org Cc: Sent: Thursday, September 15, 2011 6:06 AM Subject: Re: [squid-users] Session Tracking On 15/09/11 15:33, Matt Cochran wrote: > I'd like to be able to 'lightly' authenticate my users with an > external login process/web application, I say lightly because > security isn't as important as distinguishing between users coming > from the same NAT'd IP address. Is there either a way to set a > session ID that can be read from the Squid process, or is there a > better way to distinguish between users like this? With great difficulty. You can write (find?) an external ACL helper to accept the Cookie header and process it for a session ID and present that back to Squid as a user= or tag= key value. Why does the NAT'd IP address matter that much? relying on cookies will still fail if the user does not want you to get any cookies from them, or if they are fetching cached content from Squid. Amos -- Please be using   Current Stable Squid 2.7.STABLE9 or 3.1.15   Beta testers wanted for 3.2.0.11
Received on Thu Sep 15 2011 - 13:36:27 MDT

This archive was generated by hypermail 2.2.0 : Thu Sep 15 2011 - 12:00:02 MDT