On Sun, 1 May 2005, Jon Newman wrote:
I work as the lead developer for an ISP in Houston TX. I am developing a transparent bridge/filter/firewall for our customers where we map each customers IP/MAC/etc (and other information depending on the type of account and whats available to 'map' them) to their account,
For this IP based authentication works very well with Squid. All you need is a small helper querying your backend system for the current user name of the IP and you will get the user name in your logs for proper accounting. But as you note you then also will need to live with the limitation of not being able to identify individuals behind NAT or proxies.
As you are an ISP this usually isn't a limitation, but in an office environment it often is a noticeable limitation.
This sais, the mentioned Cookie scheme is not without flaws either. It changes the web traffic flows in subtle manners to replicate the cookie, and there is a lot of applications out there who do not cope well with this. But most often these problems is not very visible unless you know where to look for them..
Regards Henrik
