On 11.03.15 10:22, johnzeng wrote:
whether php or jquery need send user ip address to squid ? otherwise i
worried whether squid can confirm user info
and how to identify and controll http traffic ?
I'd do this with an external ACL - when processing a request, Squid
would call the external ACL which would do:
1. If the user is not authenticated or their "last seen" timestamp has
expired, return "ERR"
2. If the user is authenticated, update their "last seen" timestamp and
return OK.
Obviously if the ACL returns ERR, Squid needs to redirect the user to
the authentication page. If the ACL returns OK, Squid needs to service
the request as normal.
The authentication page would update the database which the external ACL
refers to.
Identifying the user's traffic would need to be done by MAC address or IP:
- MAC address requires a flat network with no routers between the
device and Squid.
- IP has (probably) unfixable problems in a dual-stacked network.
Beware that:
1. Access to the authentication page must be allowed for unauthenticated
users (obviously :)
2. Authentication should really be done over HTTPS with a trusted
certificate.
3. Clients require access to some external servers to validate HTTPS
certs before they have authenticated.
4. If you want to support WISPr then (2) and (3) are mandatory.
5. External ACL caching
You might be able to do it with internal ACLs, but... pain :)
--
- Steve Hill
Technical Director
Opendium Limited http://www.opendium.com
Direct contacts:
Instant messager: xmpp:steve@xxxxxxxxxxxx
Email: steve@xxxxxxxxxxxx
Phone: sip:steve@xxxxxxxxxxxx
Sales / enquiries contacts:
Email: sales@xxxxxxxxxxxx
Phone: +44-1792-824568 / sip:sales@xxxxxxxxxxxx
Support contacts:
Email: support@xxxxxxxxxxxx
Phone: +44-1792-825748 / sip:support@xxxxxxxxxxxx
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
