RE: [squid-users] Squid and Apache Authentication

From: Chris Perreault <Chris.Perreault@dont-contact.us>
Date: Thu, 23 Sep 2004 07:47:10 -0400

Do a search on "Patch Submission" then look for header manipulation. The
patch was needed only if you had a need to play with the headers.

We had them make a bunch of pages that did the redirector stuff on Apache,
but as I said, I'd help more if I knew all the details but if I did we
wouldn't have needed a consultant, which we chose from:
http://www.squid-cache.org/Support/services.html. To answer your question
though....yes, what you want to do can be done. Someone else on the list
might be able to offer assistance and if not, visit the above link. The
price we paid was very reasonable for the time and effort it saved us.

Chris

-----Original Message-----
From: Martyn Bright [mailto:brightm@trml.co.uk]
Sent: Thursday, September 23, 2004 5:34 AM
To: 'squid-users@squid-cache.org'
Subject: RE: [squid-users] Squid and Apache Authentication

Chris Perreault wrote:
>
> There was a patch, just mentioned recently, that was posted here about
> a month ago. We had it created for us to do the following:
>
> In reverse proxy (accelerated mode):
>
> User wants to hit internal webserver.
>
> Browser sends the user to the proxy which uses a redirector that sends
> them to a webpage. The webpage collects username/password from the
> user and auth's against an LDAP directory. At that point we can also
> modify the headers, create headers, copy headers, etc and then, if
> authenticated OK, they are allowed to continue on their way. If not
> they get an error via a webpage on the same validated webserver.
> (Apache in this case).

Can you recall the thread it was discussed in? I can't find it.

I am not sure if I am using a sledgehammer to crack a nut here.

My scenario is:-

Local user always uses local squid proxy to access all web content.

The local squid forwards to a remote proxy (not squid) that does not require
authentication.

A specific external site (that I do not control) the users need is https and
not available via the remote proxy - squid goes to it directly.

I need the users to authorize before they connect to this specific site.
Unfortunately with basic auth, IE helps(!!!) by offering to remember the
user's password details. I cannot allow this as the clients are accessible
by the public and must not be able to get to the secure site without having
to type in a password. I know I can disable this IE helper functionality in
Windows, but that will stop it for all sites, which is not what I want.

I figured that if I pass authentication control to a web page of my own, I
should be able to stop IE from interfering.

Thanks for the input

Martyn
Received on Thu Sep 23 2004 - 05:50:55 MDT