Thanks, Amos. I'm trying to apply different rules to different users coming from behind a firewall, i.e. so that the kids can go to only their sites and the adults to anywhere. I'd like to make it such that authentication can be handled by my own UI, and that authenticating one user doesn't change the permissions for another. I was looking at the session auth handler example in 3.2 and noted that it appeared to be using IP addresses to track users. I'm just thinking through scenarios right now, so if I'm making a problem out of nothing please feel free to set me straight. Matt ----- Original Message ----- From: Amos Jeffries <squid3@xxxxxxxxxxxxx> To: squid-users@xxxxxxxxxxxxxxx Cc: Sent: Thursday, September 15, 2011 6:06 AM Subject: Re: Session Tracking On 15/09/11 15:33, Matt Cochran wrote: > I'd like to be able to 'lightly' authenticate my users with an > external login process/web application, I say lightly because > security isn't as important as distinguishing between users coming > from the same NAT'd IP address. Is there either a way to set a > session ID that can be read from the Squid process, or is there a > better way to distinguish between users like this? With great difficulty. You can write (find?) an external ACL helper to accept the Cookie header and process it for a session ID and present that back to Squid as a user= or tag= key value. Why does the NAT'd IP address matter that much? relying on cookies will still fail if the user does not want you to get any cookies from them, or if they are fetching cached content from Squid. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.15 Beta testers wanted for 3.2.0.11
