Re: [squid-users] Squid Authentication Question

From: Henrik Nordstrom <>
Date: Mon, 15 Sep 2003 21:39:52 +0200 (CEST)

On Mon, 15 Sep 2003, WA Support wrote:

> Currently I have squid-3 configured to authenticate user to access the
> proxy. I assume that squid binds the authenticated username with the
> thread or session id, is this correct?

Neither. Squid does not bind the authenticated username to any kind of
session. The browser does bind the username to the current browsing
session, and provides the user credentials on each and every request to
the proxy.

> Now, what I would like to do is NOT require authentication to squid, but
> be able to have a user login to to a system that I am writing that will
> allow them to override the squidGuard redirection call in redirectStart.

Ok. Then you need to figure out how this other system outside of Squid is
to communicate the reqults to Squid making it available to redirectStart.
Also you need to decide on what to keep as session identifier. Basically
only the source IP address of the user is available as possible source for
session identifier when not using proxy authentication.

> The way I would like to work this is when the user submits a username
> and password to go into override mode, squid will add this user to
> authenticateUserRequestUsername(http->request->auth_user_request and
> bind it to the current session id or thread.

Won't work with the above.. for these structures to at all exists you
need to use authentication in Squid. But is is not terribly important.

> Then each time through redirectStart, squid just check to see if
> authenticateUserRequestUsername(http->request->auth_user_request is
> !NULL. If !NULL, then bypass redirect call.

Ok, but you need to find another place to store this if you are not using
proxy authentication in Squid.

Received on Mon Sep 15 2003 - 13:39:57 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:41 MST