Re: [squid-users] cgi authentication + squid

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 15 Jul 2003 19:09:28 +0200

On Tuesday 15 July 2003 16.04, Augusto Flavio wrote:

> When the user make the login in my script cgi i will
> get this login, passwd and the address IP of station.
> I will check this login and passwd in
> /etc/squid/squidpasswd . before this i will specific
> the previleges of this user from IP, right?

So far all good.

> The problem of all this is:
>
> I need create some restrictions by login and not by
> IP why the network use DHCP. I need create the script
> that sync these logins with the IP of station ?

Yes, because when the same user tries to then use Squid, squid will
have absolutely no knowledge of who logged in to that CGI script of
yours. All it knows is that "I got a request from IP x.x.x.x". If you
use a CGI login method then this must then supply the information
about who the user is who is using IP x.x.x.x until that user have
logged out.

Using proxy authentication is about 100 times easier to set up than
CGI based authentication, and I would strongly recommend using proxy
authentication instead. Using proxy authentication is a no-worries
approach as it is an integral part of the HTTP protocol and nothing
out of the ordinary. It accomplishes the same goal MUCH easilier and
a whole lot more reliably.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Tue Jul 15 2003 - 11:10:02 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:00 MST