Re: [squid-users] authenticate request every page problem

From: otrcomm <[email protected]>
Date: Sat, 18 Nov 2006 20:43:35 -0700

> NoCat keeps up with sessions based upon ip addresses and mac addresses, but it also has the ability to request authentication.
>
> I can setup NoCat to operate in "captive" mode where the users are required to authenticate, and I could take Squid out of
> authentication mode and pass the username to Squid in the header from NoCat (after some recoding), but would that do any good?

>Can be done. Or you could make Squid query NoCat.

NoCat is a WiFi gateway listening to port 5280 on eth1 where I have a wireless access point. NoCat captures all the users on the
wireless system and directs their traffic to port 80 on the server. I have an iptables rule to redirect port 80 traffic to Squid,
so I do not think Squid could query NoCat efficiently.

Since all I need to do is pass a url and username to squidGuard, I could make NoCat communicate with squidGuard the same way Squid
communicates to redirectors. Then if the request makes it through squidGuard, NoCat would pass the traffic to port 80 and on to
Squid. This way I could turn off the redirector and authentication in Squid. Think this would work?

Question: squid builds a special header to pass to redirectors, correct? That is, I see headers like this:

http://www.montessoriconnections.com/ 10.10.1.251/- otrcomm GET

in my debugging logs for squidGuard. So, what is the format of the header that Squid sends to the server where
montessoriconnections.com resides?

Would it be something like (without the quotes):

"GET http://www.montessoriconnections.com HTTP/1.1 \r\n"

What I am asking is, what is the ideal header format to send from NoCat to Squid?

Regards,

Murrah Boswell

>In both cases you need an external acl helper returning the correct
>username to Squid. See the external_acl_type directive.

>If using the header approach then the username is actually given by
>Squid to the helper, but Squid does not yet know it's a username until
>the helper says so.. And you also need a header_access directive to stop
>the custom header from being forwarded out..
Received on Sat Nov 18 2006 - 20:43:33 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:03 MST