On Fri, 28 Oct 2005, Chin Kah Yi wrote:
I see. but if it is transparent proxy via wccp, how would the IP based access control scheme work on bluecoat as bluecoat wouldn't be inline to do access control and depending on cisco router?
It is inline for HTTP traffic. The proxy can do whatever it likes with the HTTP traffic.
What these schemes usually does is to redirect requests coming from an address not known to the proxy to a local login page, where a successful login registers the account for that IP and the user is then redirected back to the page he originally requested.
There is also another possible scheme using a combination of this and cookies. This provides per-user authentication but basically floods the browser with new cookies.
Regards Henrik