Search squid archive

Re: Squid as reverse proxy and image theft protection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 22/01/2015 6:11 a.m., thane@xxxxxxx wrote:
> Dear all,
> 
> we configured Squid 3.4.9 as Reverse Proxy/Accellerator versus
> some virtual machines located geographically in different country
> integrating it with a Geo DNS solution to routing the various user
> requests to the Squid Reverse Proxy nearest to them. These virtual
> machines hosts a J2EE Web Portal.
> 
> This Reverse Proxy provides to the users a huge amount of images
> and reduce a lot the download time for that countries away from the
> primary data center (see China, India, etc.). These images are at
> the moment freely accessible without authentication.
> 
> The portal behind squid uses a custom authentication form where the
> user insert his "Username" and "Password" in an HTTP Form and these
> credentials are routed to a J2EE Servlet (through an HTTP Post)
> that perform various authentication checks and release a cookie to
> grant the session to the other dynamic contents.
> 
> We would like to understand if there are possible solutions to
> protect the images on the Squid Reverse Proxy and makes them only
> available after the user is authenticated.

An external_acl_type helper that checks the Cookie header contents
against the backend auth system and informs Squid about OK/ERR will do
that for you.


> 
> Another possible workaround is perform some random scramble of the
> image URL but continuing to permitting the caching of the sames.

That is not possible while caching.

Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUwHFHAAoJELJo5wb/XPRjV48IALCdLQ2Yb1tQabzLpyEi+rmE
WlBGqaKMsKGZBEtPhvys6yvS1Nr7Isc5qaF/g/KuJhWT5NKy5OOYAP3nvrLDu8NB
BT9YcRcHAHLRtfFoSAxYxlYYOwdY7TQsyx70XtQhcnqFtZqQWpLraTUXvpKdoVul
J0q0C+ZpqsurTlZTJG9s1sz/75bESTbpY5lmq0uqIA77FiMe9pwrUcYgdWx/9yMr
VdH6O+iO18PCPAPw9cVRrQHZNQ3i9fw/KfJ0Wj9CUOPu367Jd4JLdYEeKPYsGuHc
Syz/1PV9S+QPSiYkvpdHvMg00HzO7sWSRq0WBdJlBWTXw61vSgJMsvhOgnjJlp8=
=KQEL
-----END PGP SIGNATURE-----
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux