Re: [squid-users] transparent proxy + auth

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 1 May 2005 23:31:46 +0200 (CEST)

On Sun, 1 May 2005, Jon Newman wrote:

> I work as the lead developer for an ISP in Houston TX. I am developing a
> transparent bridge/filter/firewall for our customers where we map each
> customers IP/MAC/etc (and other information depending on the type of
> account and whats available to 'map' them) to their account,

For this IP based authentication works very well with Squid. All you need
is a small helper querying your backend system for the current user name
of the IP and you will get the user name in your logs for proper
accounting. But as you note you then also will need to live with the
limitation of not being able to identify individuals behind NAT or
proxies.

As you are an ISP this usually isn't a limitation, but in an office
environment it often is a noticeable limitation.

This sais, the mentioned Cookie scheme is not without flaws either. It
changes the web traffic flows in subtle manners to replicate the cookie,
and there is a lot of applications out there who do not cope well with
this. But most often these problems is not very visible unless you know
where to look for them..

Regards
Henrik
Received on Sun May 01 2005 - 15:31:48 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:02 MDT