On Thursday 08 May 2003 07.07, Graham Toal wrote:
> 1) ip redirection first to a web page which does the authorization
> and which modifies the ip redirection after it has done so (pretty
> much the same mechanism as captive portals)
Possible.
> 2) use squids dynamic redirectors to redirect *urls* until
> authenticated and then stop redirecting them afterwards.
Basically same thing I think.
> I've looked on the web site at the redirectors and authenticators
> and the most promising one appears to be squidguard but it looks
> rather complicated for what I want.
SquidGuard is not what you want. You want something new which can
interact with your selected authentication method to decide when to
stop redirecting the client for authentication.. No such redirector
exists today as it is intimately connected to the authentication
system you select to use..
> I can see how a redirector could dynamically decide to block or
> pass depending on whether someone had authenticated or not, and I
> know that an external cgi can tweak the iptables or ipchains, but
> I'm not at all sure how one might tweak squid acls dynamically
You can tweak Squid acls dynamically by two methods:
a) By using a redirector to implement the acl, which uses an external
database.
b) By using external_acl helpers which uses an external database.
My preference is for external_acl helpers.
> after someone has authenticated externally - would you have to
> rewrite the squid.conf file and send squid a HUP signal (or restart
> it?),
Modifying squid.conf in this manner is not recommended.
Regards
Henrik
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [email protected]Received on Thu May 08 2003 - 01:55:50 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:22 MST