RE: [squid-users] SQUID Transparent Captive Portal w/ Authentication

From: Chris Robertson <[email protected]>
Date: Mon, 18 Jul 2005 11:56:53 -0800

> -----Original Message-----
> From: Lucia Di Occhi [mailto:saint_lucy@hotmail.com]
> Sent: Monday, July 18, 2005 5:46 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] SQUID Transparent Captive Portal w/
> Authentication
>
>
> Has anyone implemented a captive portal registration/authentication system
> with squid in transparent mode? I am already running the latest stable
> squid in transparent mode and I was interested in implementing a captive
> portal w/ registration/authentication for some subnets. When a user
> connects their PC and gets an IP from a specified subnet, I'd like for squid
> to force them to a registration page where they can read our policies and
> submit their LAN username/pass before squid will allow access. I know I
> could just use an authenticator, but it is important that the users read the
> "acceptable use policy" and understand why they are asked for
> authentication.
>
> Thanks.

So you are looking to do authentication with an Intercepting proxy... So many say it can't be done, but than answer is incomplete. HTTP authentication can't be used with an intercepting proxy.

Look into the external_acl_type. Something that uses the Client IP (passing OK for those that source from non-authenticated ranges, or those who have authenticated) and sends people to a custom deny_info page (where they can read the TOS and authenticate) would probably work.

I'm sure there is someone who has done this, as this question comes up occasionally... (http://www.squid-cache.org/mail-archive/squid-users/200505/0001.html for example).

Chris
Received on Mon Jul 18 2005 - 13:56:59 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:02 MDT