On fre, 2008-07-11 at 17:49 -0500, Jian Wang wrote: > Recently, we used Squid redirectors to solve an application problem. > Our redirectors are checking incoming requests against a database > table to see if this IP has already accessed Squid--redirect only if > ip is not in database. Ok. > We now have the concern that it may cause problem when applying our > application to a NATed or PATed network. Yes, ofcourse you will. IP is not an unique user identifier whenever there is multiple users sharing the same public IP. > In our application, we don't want to use any user name + password for > access authentication, our situation is that everyone is authorized. Ok. > In the Squid redirector input string, we can only get IP address(plus > FQDN at most, which doesn't help at all). Is there a way for Squid to > solve this problem? If it's a reverse proxy you could use a cookie.. Use an external_acl to look for the cookie, and use deny_info to redirect the request to a page setting the cookie if not set. Regards Henrik
