[squid-users] Public access catalog in a library - eek!

From: Brett Charbeneau <[email protected]>
Date: Tue, 19 Nov 2002 12:14:55 -0500 (EST)

Gang,

        Many thanks in advance to anyone who can find the time to respond
to my quandary!
        I'm running the RPM version of squid-2.4.STABLE6-6.7.0
and using squidGuard-1.1.4-11mdk as a redirect program on a RedHat 7.2
box with kernel 2.2.20.
        We recently moved to a web version of our online catalog and we're
experiencing a weird problem with patron user accounts. Our catalog is
here, for the curious:

                http://catalog.wrl.org

        When a patron successfully logs into their account on one of our
clients (routed through Squid) they can then walk over to any *other* of
our clients and click on the "My Account" icon and see their account
information. This is true across subnets and for any client using Squid as
a proxy.
        This migrating login freaks staff and patrons out in this age of
Big Brother.
        The catalog product, called iPac from "epixtech", is only in
version 2.02 and purports to work with all "fully compliant HTTP 1.1
proxies".
        Okay, fine.
        I've set up my Squid box - I think - to route all requests
destined for our catalog *directly* to the catalog server and we've still
got this issue. I've included the non-commented part of my squid.conf file
below.
        If someone could take a peek at this and tell me if I'm goobering
the config so bad that Squid is still caching the cookie/token/whatever
that marks a patron session, I sure would be grateful.
        Thank you very much for any help you can offer!

Brett Charbeneau, Network Administrator    Tel: 757-259-7750
Williamsburg Regional Library              FAX: 757-259-7798
7770 Croaker Road                          brett@wrl.org
Williamsburg, VA 23188-7064                http://www.wrl.org

cache_dir ufs /var/spool/squid 60000 16 256
log_fqdn off
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl allowed_hosts src 192.168.7.0/255.255.255.128
acl allowed_hosts src 192.168.7.128/255.255.255.128
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow allowed_hosts
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow all
miss_access allow all
append_domain .wrl.org
forwarded_for on
acl local-servers dstdomain .catalog.wrl.org
no_cache deny local-servers
always_direct allow local-servers
Received on Thu Nov 21 2002 - 11:14:57 MST
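
One way to check from Squid's own access.log whether the no_cache and always_direct rules in the posted squid.conf are taking effect for the catalog, added here as an example and not part of the original post. It assumes the native access.log format; the log lines, the /account path and the addresses in them are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
# The /account path and all addresses are made up for illustration.
SAMPLE_LOG = """\
1037725001.101 212 192.168.7.21 TCP_MISS/200 5120 GET http://catalog.wrl.org/account - DIRECT/192.168.7.5 text/html
1037725004.332 3 192.168.7.140 TCP_HIT/200 5120 GET http://catalog.wrl.org/account - NONE/- text/html
1037725009.870 95 192.168.7.22 TCP_MISS/200 840 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1037725011.004 140 192.168.7.140 TCP_MISS/200 900 POST http://catalog.wrl.org/account - FIRST_UP_PARENT/192.168.7.9 text/html
"""


def in_dstdomain(host, domain=".catalog.wrl.org"):
    """Match like a dstdomain entry with a leading dot: the name itself or a subdomain."""
    host = host.lower().rstrip(".")
    return host == domain[1:] or host.endswith(domain)


def audit(log_text):
    """Return (line_no, client, problem) for catalog requests that were
    answered from cache or fetched through a peer instead of directly."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 10:
            continue  # not a native-format line
        client, url = fields[2], fields[6]
        result = fields[3].split("/")[0]      # e.g. TCP_MISS, TCP_MEM_HIT
        hierarchy = fields[8].split("/")[0]   # e.g. DIRECT, NONE
        host = urlsplit(url).hostname or ""
        if not in_dstdomain(host):
            continue
        if "HIT" in result:
            findings.append((line_no, client, f"{result}: served from cache"))
        if hierarchy not in ("DIRECT", "NONE"):
            findings.append((line_no, client, f"{hierarchy}: not fetched directly"))
    return findings


if __name__ == "__main__":
    for line_no, client, problem in audit(SAMPLE_LOG):
        print(f"line {line_no} client {client}: {problem}")
```

An empty result shows only that Squid neither served these requests from cache nor sent them to a peer.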
