Hello,
I use an HTTP captive portal to authenticate users and give them access to
network resources. It actually stores Username/MAC/IP in a database when a
user authenticates, and adds the needed filtering rules in iptables/Netfilter
(based on IP and MAC) to open the usual ports (80, 443, ...) for the user.
Now, I have added a transparent Squid proxy to be able to filter HTTP
requests more accurately (URL whitelist/blacklist, ...).
But I want to make user/group-based Squid rules. I know it is not possible
to do proxy auth using Squid in transparent mode, but my context gives me
another way to get the current user, as I have a database with the
Username/MAC/IP of all of them. So when I get the MAC or IP address, I can
find the username.
So, to summarize:
- I have a database (file or SQL, ...) which stores my users. These users can be
part of a group of users.
- When a packet reaches the Squid proxy server, I am sure I have in my
database a link between the IP/MAC and the username (as all users have to
authenticate with the captive portal to be able to go through Netfilter
and reach the Squid proxy).
My final goal:
- I want to implement rules in Squid based on a username or a group (like
the LDAP auth)! But how do I do this in my context?! That is the question.
Developing an external auth handler? A Squid extension?
Any ideas?
Thanks for all,
Guillaume
Received on Sat Jun 21 2008 - 01:01:49 MDT
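
One way the "external auth handler" idea in the message above could look, as an added example that is not part of the original post or of Squid itself: a helper for Squid's external_acl_type interface, which sends one request line per lookup and expects OK or ERR back. The session and group tables, the ACL name portal_session and the helper path are constructed assumptions standing in for the portal's database, and usernames are assumed to contain no whitespace.

```python
#!/usr/bin/env python3
"""Squid external ACL helper: map a client IP to a captive-portal user/group.

Assumed squid.conf wiring (names and path are hypothetical):
  external_acl_type portal_session ttl=60 %SRC /usr/local/bin/portal_acl.py
  acl staff external portal_session staff
  http_access allow staff
Squid sends "<client-ip> [acl arguments...]" and reads "OK user=<name>" or "ERR".
"""
import ipaddress
import sys

# Constructed sample data standing in for the portal's Username/MAC/IP store.
SESSIONS = {"192.0.2.10": "alice", "192.0.2.11": "bob"}  # IP -> username
GROUPS = {"alice": {"staff"}, "bob": {"guests"}}         # username -> groups


def decide(line, sessions=SESSIONS, groups=GROUPS):
    """Return the helper reply for one request line from Squid."""
    fields = line.split()
    if not fields:
        return "ERR"
    try:
        # Normalise and validate the address before using it as a lookup key.
        ip = str(ipaddress.ip_address(fields[0]))
    except ValueError:
        return "ERR"
    user = sessions.get(ip)
    if user is None:
        return "ERR"  # no portal session for this IP: fail closed
    wanted = set(fields[1:])  # group names given on the acl line, if any
    if wanted and not (groups.get(user, set()) & wanted):
        return "ERR"  # authenticated, but not in a requested group
    return "OK user=" + user  # user= lets Squid log and match on the name


def main():
    for line in sys.stdin:
        sys.stdout.write(decide(line) + "\n")
        sys.stdout.flush()  # Squid waits for each reply, so never buffer


if __name__ == "__main__":
    main()
```

Squid caches each reply for the ttl, so a short ttl limits how long an IP stays authorized after its portal session ends.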