-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 22/01/2015 6:11 a.m., thane@xxxxxxx wrote: > Dear all, > > we configured Squid 3.4.9 as Reverse Proxy/Accellerator versus > some virtual machines located geographically in different country > integrating it with a Geo DNS solution to routing the various user > requests to the Squid Reverse Proxy nearest to them. These virtual > machines hosts a J2EE Web Portal. > > This Reverse Proxy provides to the users a huge amount of images > and reduce a lot the download time for that countries away from the > primary data center (see China, India, etc.). These images are at > the moment freely accessible without authentication. > > The portal behind squid uses a custom authentication form where the > user insert his "Username" and "Password" in an HTTP Form and these > credentials are routed to a J2EE Servlet (through an HTTP Post) > that perform various authentication checks and release a cookie to > grant the session to the other dynamic contents. > > We would like to understand if there are possible solutions to > protect the images on the Squid Reverse Proxy and makes them only > available after the user is authenticated. An external_acl_type helper that checks the Cookie header contents against the backend auth system and informs Squid about OK/ERR will do that for you. > > Another possible workaround is perform some random scramble of the > image URL but continuing to permitting the caching of the sames. That is not possible while caching. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUwHFHAAoJELJo5wb/XPRjV48IALCdLQ2Yb1tQabzLpyEi+rmE WlBGqaKMsKGZBEtPhvys6yvS1Nr7Isc5qaF/g/KuJhWT5NKy5OOYAP3nvrLDu8NB BT9YcRcHAHLRtfFoSAxYxlYYOwdY7TQsyx70XtQhcnqFtZqQWpLraTUXvpKdoVul J0q0C+ZpqsurTlZTJG9s1sz/75bESTbpY5lmq0uqIA77FiMe9pwrUcYgdWx/9yMr VdH6O+iO18PCPAPw9cVRrQHZNQ3i9fw/KfJ0Wj9CUOPu367Jd4JLdYEeKPYsGuHc Syz/1PV9S+QPSiYkvpdHvMg00HzO7sWSRq0WBdJlBWTXw61vSgJMsvhOgnjJlp8= =KQEL -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users