Re: [squid-users] advisory message before browsing

From: Henrik Nordstrom <[email protected]>
Date: Wed, 3 Nov 2004 11:36:58 +0100 (CET)

On Wed, 3 Nov 2004, Rolf wrote:

> All users will be subject to basic auth upon first trying a url.

Ok. trivial.

> Having been authenticated they get to the policy page, but upon return from
> the policy page, I can't see how to know they've been there and not to
> redirect them again.

As I said your redirector and the policy page needs to be sharign a common
database of which users have accepted the policy.

> This is indeed your excellent "policy accepted database" idea

Yes.

> but how can I implement it?

By selecting the type of database you use, then write a redirector and a
CGI capable of accessing this database to exchange the information about
the status of the user.

> Can I do so with ACLs and redirector_access?

Via an external acl helper yes. Just remember to set the negative ttl to
0.

> It sounds like it needs some database arrangement that is populated by the
> script that runs the policy page. And de-populated by some other scheduled
> task that removes old entries.

A simpler design is to simply store a timestamp in the database indicating
when the user last accepted the policy.

> But, how does squid see these entries?

By your redirector or acl helper querying the same database as the policy
page script.

Regards
Henrik
Received on Wed Nov 03 2004 - 03:37:01 MST

This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST