Re: [squid-users] Squid Authentication : Again

From: Henrik Nordstrom <[email protected]>
Date: Thu, 1 Jan 2004 20:04:50 +0100 (CET)

On Wed, 31 Dec 2003, OTR Comm wrote:

> I am trying to figure something out. When Squid is configured to
> authenticate, how does it keep up with the different session for
> individual users who have logged on?

There is no sessions in HTTP.

Each and every single request (HTML, image, style sheet etc etc) sent by
the browser is authenticated to the proxy. The session is within your web
browser where it remembers the login+password used for authentication to
the proxy.

> N2H2, the company that wrote the Bess Filtering system, uses Squid
> without authentication and a filtering helper like squidGuard that
> supports overrides of blocked sites. User who have authority to
> override sites, login and then somehow Squid can distinguish those
> users. How can Squid do this?

If they do not use authentication then they most likely base the level of
access on the IP address of the user.

> I have asked N2H2 for a copy of their Squid code, but they put me off
> and then lately they told me that I have to talk to their legal
> department. Even though Squid is under GPL, they still want me to jump
> through hoops with their legal department.

The GPL only forces them to give you the source if you are a customer of
theirs, or otherwise have legal access to a binary copy of their version
of Squid.

> Does anyone have any ideas about how I can get Squid to recognize
> particular user sessions without requiring authentication?

There is only three methods.

a) Authentication.

b) Access controls based on IP addresses, possibly connected with some
kind of system which can derive from the IP address who the user is. This
requires some kind of system you can query who the user at this IP address
is.

c) Use of the IDENT protocol to ask the client station who the user is.
This requires a IDENT server on each and every client station involved.

Regard
Henrik
Received on Thu Jan 01 2004 - 12:05:03 MST

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:02 MST