Search squid archive

Re: Captive Portal (MAC authentication) & Squid Authentication ...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





Guillaume BRAUX wrote:
Hello,

I use a HTTP captive portal to authenticate users and gives them access to
network resources. It actually store Username/MAC/IP in a database when a
user authenticate, and add the needed filtering rules in Iptable/Netfilter
(based on IP and MAC) to open usual ports (80, 443 .) for the user.

Now, I have added a transparent squid proxy to be able to filter HTTP
requests more accurately (url whitelist/blacklist .).
But I want to make user/group based squid rules . I know it is not possible
to make proxy auth using squid in transparent mode, but my context gives me
another way to get the current user, as I got a database with the
Username/MAC/IP of all of them . So when I got the MAC or IP address, I can
find the username .

So resuming :
- I have a database (file or SQL .) which store my users. These users can be
part of a group of users.
- When a packet is reaching the Squid proxy server, I am sure I have in my
database a link between the IP/MAC and the username (as all users has to
authenticate with the captive portal to be able to go through the NetFilter
and reach the Squid proxy).

My final goal :
-  I want to implement rules in SQUID based on a username or a group (like
the LDAP auth) ! But how to do this in my context ?! That is the question

Depending on what type of rules you want to implement, you may use
ufdbGuard, a Squid redirector.
With ufdbGuard you can block/allow groups of users to access lists of URLs.
A group can be defined in many ways and one way is to use an ASCII file
with IP addresses.

ufdbGuard is free.  It can also use a commercial URL database.
It can be downloaded from www.urlfilterdb.com

Marcus

Developing an external auth handler ? A SQUID Extension ?

Any ideas ?

Thanks for all,
Guillaume




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux