I see. Do you think the design where cookies were used to keep track of
per-user authentication details at client browser is a feasible and good
design?
-------- Original Message --------
From: Henrik Nordstrom <hno@xxxxxxxxxxxxxxx>
To: Chin Kah Yi <kahyi@xxxxxxxxx>
CC: Henrik Nordstrom <hno@xxxxxxxxxxxxxxx>, squid-users@xxxxxxxxxxxxxxx
Subject: Re: transparent proxy with authentication
Date: 28/10/2005 19:14
On Fri, 28 Oct 2005, Chin Kah Yi wrote:
I see. but if it is transparent proxy via wccp, how would the IP
based access control scheme work on bluecoat as bluecoat wouldn't be
inline to do access control and depending on cisco router?
It is inline for HTTP traffic. The proxy can do whatever it likes with
the HTTP traffic.
What these schemes usually does is to redirect requests coming from an
address not known to the proxy to a local login page, where a
successful login registers the account for that IP and the user is
then redirected back to the page he originally requested.
There is also another possible scheme using a combination of this and
cookies. This provides per-user authentication but basically floods
the browser with new cookies.
Regards
Henrik
