Re: [squid-users] Authenticating users with a webpage form

From: S.M.H. Hamidi <hosseinhamidi@dont-contact.us>
Date: Sat, 1 Dec 2007 21:38:12 -0800 (PST)

Hi,

If your workstations are not behind NAT there is a
simple solution as below:

1- Block all local IP ranges to access the net as
default.
2- Change the error page so that the users which are
denied access to be redirected to login page.
3- Create a file which consists of allowed IP
addresses and include in your squid ACL's. Define
relevant access rule.
4- When a user get authenticated, simply add its IP
address to above mentioned file (access-allowed IP's).
When a user logins out or the authentication times
out, remove its IP address from the file.
5- Alert authenticated user to keep the authentication
page open and open a new browser session or tab to
continue web surfing.
6- Check user presence with common techniques like
page refresh in login page.
7- It is also possible to provide original referrer
URL to user after successful authentication.

More details can be added to above solution to improve
users experience, however the overall mechanism is
same. There are other methods for users behind NAT or
thin clients which is more complicated.

Best wishes,

--- Taylor Jones <monitorjbl@gmail.com> wrote:

> Hello,
>
> I read the guidelines for this mailing list, and I
> really do hope I'm
> not asking a question you've all heard a million
> times. If I am, feel
> free to berate me, I probably deserve it.
>
> I am looking for a way to use a webpage with a
> GET/POST form to get
> the user's name and password for authentication
> instead of the pop-up
> that the user receives by default. I realize that
> this is just an
> aesthetic kind of thing, but I'm nothing if not
> obsessive, and I hate
> that I can't tell a user where he is and what he
> needs to do to gain
> access to our proxy server. Honestly, this shouldn't
> be that hard to
> implement, I just don't really know where I should
> start. Any help you
> guys could give me would be much appreciated!
>

      ____________________________________________________________________________________
Be a better pen pal.
Text or chat with friends inside Yahoo! Mail. See how. http://overview.mail.yahoo.com/
Received on Sat Dec 01 2007 - 22:38:20 MST

This archive was generated by hypermail pre-2.1.9 : Tue Jan 01 2008 - 12:00:01 MST