Re: [squid-users] Captive Portal (MAC authentication) & Squid Authentication ...

From: Marcus Kool <marcus.kool_at_urlfilterdb.com>
Date: Fri, 20 Jun 2008 22:23:32 -0300

Guillaume BRAUX wrote:
> Hello,
>
> I use an HTTP captive portal to authenticate users and give them access to
> network resources. It actually stores Username/MAC/IP in a database when a
> user authenticates, and adds the needed filtering rules in iptables/Netfilter
> (based on IP and MAC) to open usual ports (80, 443 ...) for the user.
>
> Now, I have added a transparent Squid proxy to be able to filter HTTP
> requests more accurately (url whitelist/blacklist ...).
> But I want to make user/group based Squid rules. I know it is not possible
> to make proxy auth using Squid in transparent mode, but my context gives me
> another way to get the current user, as I got a database with the
> Username/MAC/IP of all of them. So when I got the MAC or IP address, I can
> find the username.
>
> So resuming :
> - I have a database (file or SQL ...) which stores my users. These users can be
> part of a group of users.
> - When a packet is reaching the Squid proxy server, I am sure I have in my
> database a link between the IP/MAC and the username (as all users have to
> authenticate with the captive portal to be able to go through the Netfilter
> and reach the Squid proxy).
>
> My final goal :
> - I want to implement rules in SQUID based on a username or a group (like
> the LDAP auth) ! But how to do this in my context ?! That is the question

Depending on what type of rules you want to implement, you may use
ufdbGuard, a Squid redirector.
With ufdbGuard you can block/allow groups of users to access lists of URLs.
A group can be defined in many ways and one way is to use an ASCII file
with IP addresses.

ufdbGuard is free. It can also use a commercial URL database.
It can be downloaded from www.urlfilterdb.com

Marcus

> Developing an external auth handler ? A SQUID Extension ?
>
> Any ideas ?
>
> Thanks for all,
> Guillaume
>
>
>
Received on Sat Jun 21 2008 - 01:23:37 MDT
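
An added example (not from either poster and not ufdbGuard's own code) of producing the per-group ASCII files of IP addresses mentioned in the reply from a captive portal database like the one described in the question. The table and column names, the `.ips` file naming and the one-address-per-line layout are assumptions; how ufdbGuard is pointed at such a file is not shown.

```python
import ipaddress
import os
import sqlite3
import tempfile


def export_group_ip_lists(conn, out_dir):
    """Write <group>.ips (one address per line) per group; return {group: [ip, ...]}."""
    # Start from every known group so a group with no live session gets an
    # empty file instead of keeping the addresses of users who have logged out.
    groups = {g: set() for (g,) in conn.execute("SELECT DISTINCT grp FROM members")
              if g and g.isalnum()}  # name becomes a file name: no path characters
    rows = conn.execute("SELECT s.ip, m.grp FROM sessions s "
                        "JOIN members m ON m.username = s.username")
    for ip, grp in rows:
        try:
            addr = ipaddress.ip_address(ip.strip())
        except (ValueError, AttributeError):
            continue  # malformed or NULL address: skip it rather than emit a bad entry
        if grp in groups:
            groups[grp].add(addr)
    written = {}
    for grp, addrs in groups.items():
        lines = [str(a) for a in sorted(addrs, key=lambda a: (a.version, int(a)))]
        # Write a temp file, then rename: a reader never sees a partial list.
        fd, tmp = tempfile.mkstemp(dir=out_dir, prefix=grp + ".")
        with os.fdopen(fd, "w") as fh:
            fh.writelines(line + "\n" for line in lines)
        os.chmod(tmp, 0o644)  # mkstemp creates 0600; the filter may run as another user
        os.replace(tmp, os.path.join(out_dir, grp + ".ips"))
        written[grp] = lines
    return written


def demo(out_dir):
    # Constructed sample data standing in for the captive portal database.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE sessions (username TEXT, mac TEXT, ip TEXT);
        CREATE TABLE members (username TEXT, grp TEXT);
        INSERT INTO sessions VALUES
            ('alice', '00:11:22:33:44:55', '192.168.1.20'),
            ('bob',   '00:11:22:33:44:66', '192.168.1.9'),
            ('carol', '00:11:22:33:44:77', 'not-an-ip');
        INSERT INTO members VALUES
            ('alice', 'staff'), ('bob', 'staff'), ('carol', 'guests');
    """)
    return export_group_ip_lists(conn, out_dir)
```

The lists identify users only as long as the portal's IP/MAC binding holds, so the export has to run on every login and logout, and the filter has to reload the files afterwards.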