Search squid archive

Re: Captive Portal authentication in Intercept mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hey,

I have written a basic idea with a php "login portal" that can be seen at:
http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/
http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/Conf
http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/PhpLoginExample
http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/Python
http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/SplashPageTemplate

The idea is an IP session based login.
The user actively needs to login and it will login the user IP address.
The helper(s) logic is based on time since the last user login.
This idea can be used as a sketch for a more advanced options with a portal.
There are other better ways to implement this idea and one of them is using a radius server.
As you noticed there is no way to directly authenticate a proxy in intercept mode. Maybe someone out-there have been thinking about a way to do such a thing but it is yet to be possible with squid. 

You can combine the php session login like in dyndns based solutions.
They offer a capability to re-register a domain based on your internet faced IP address. Their client checks if the IP was changed and if so re-register vs the main server(with username and password). So for example any new registration will revoke the old registration and any current registration is limited by to the current session life time.
Like in linux tcp_keep_alive there is an option to limit the session for 5-10 minutes and if it will not be "keeped" alive after 2 hours it will be automatically revoked off access to the proxy.
The logic I have written can be implemented but should be carefully designed. 

All The Bests,
Eliezer Croitoru

On 13/03/2015 07:25, Ashish Patil wrote:

Hello,

I am trying to set up a Captive Portal with Squid (v.3.5.2) in Intercept
mode and SquidGuard (v.1.5) as URL rewriter. The Captive portal works off
usernames in a database, but Squid + SquidGuard work based off IP's.

The most progress I have had just says Authentication by Squid cannot be
done with Squid acting as a Intercepting Proxy. Is there some helper (even
probably in beta stage) that could help me achieve this?



_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux