Re: [squid-users] Connection: close

From: Warrick FitzGerald <wfitzgerald@dont-contact.us>
Date: Sun, 19 May 2002 20:59:51 -0400

Ahh, ok thanks guys I'm starting to see the light :)

The other situation I am then faced with is that these boxes accelerate more
than one site. I now realize that I can not get the realm as such, but is it
possible to retrieve the URL that the client is requesting .... just because
he has access to one of the URL's I am acceleration does not mean I want to
give him access to all.

I have no working knowledge of SquidGaurd at all, but on their site they
speak of a "Squid standard redirector interface" ... but it has a broken
link that that is not of much use. If I can not get the URL the client is
requesting via the authenticate_program, would I be able to do it this way ?

-- One last and not so great method may then of course be to use a normal
web server like apache etc. to handle the authentication .... make a private
request to squid on the backend for the cached content and then deliver it
to the client as if it has generated the content itself.

I'm sure you are guys are cringing at the thought :), but I'm sure I'm not
alone here so I may as well ask the stupid questions that may save someone
else some time.

Thanks again for all the help, it is much appreciated.

Warrick

----- Original Message -----
From: "Robert Collins" <robert.collins@itdomain.com.au>
To: "Warrick FitzGerald" <wfitzgerald@livetechnology.com>; "Squid-Users"
<squid-users@squid-cache.org>
Sent: Sunday, May 19, 2002 7:49 PM
Subject: RE: [squid-users] Connection: close

> -----Original Message-----
> From: Warrick FitzGerald [mailto:wfitzgerald@livetechnology.com]
> Sent: Monday, May 20, 2002 9:35 AM
> To: Squid-Users
> Subject: Re: [squid-users] Connection: close
>
>
> Thanks for the quick response Henrik,
>
> - I don't understand what are the persistent_connections are
> for then, if squid is only HTTP/1.0 based at the moment ?

HTTP/1.0 has persistent connections, and squid has some HTTP/1.1
features.

> Still my primary problem is trying to cache authenticated
> content. One thought I had (hair brain scheme I know) is to
> use the proxy authentication features in a reverse proxy
> environment. I have never worked with squid in any situation
> except for reverse so I would just like to see if this is
> even an option.

That is the standard approach for content acceleration. Simply rebuild
squid with that option on, disable authentication on your web server,
and setup your ACL's and auth helper on squid.

> Could I use the "authenticate_program" option to run an
> external process which queries the origin server to see if
> the client should be authenticated. Does squid send the
> Realm, username and password to the external program (Login
> and Password are obvious, but what about realm ?)

You can do anything you want. No, the realm is not sent. Don't confuse
authentication ('who are you') with authorisation ('you are allowed
access'). You seem to be talking authorization with this external helper
- the standard approach for squid is to build your list of users in a
text file and include that into the proxy_auth acl that permits access.
Then when you change that file, reconfig squid.

Rob
Received on Sun May 19 2002 - 19:00:36 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:10 MST