On 3/09/2012 7:01 p.m., Stolle, Martin wrote:
> Hello,
>
> I got a problem with the cooperation of squidguard 1.4 and squid 3.2.1
>
> My test scenario consists of
>
> Squidguard 1.4
> Squid 3.2.1
> Basic Authentication (in that case of test)
>
>
> I want to allow URLs not blocked by lists from squidguard to all users.
>
> If a website is blocked from a squidguard list and a user isn't authenticated, squidguard shall and will redirect the request to a blocking site, which links to a site, where somebody can authenticate itself.
>
> If someone is authenticated that way, he is associated with an user account and should have access to all web sites.
>
> Unfortunately, I got the problem, that, also a user is authenticated, squid transfers the user information only under the condition, that from the point of view of squid the authentication is necessary, to squidguard, also the user authenticated before. If Squid recognizes, that from the point of view of squid authentication is not necessary (i.e. there was e.g. a http_access allow all on the way), it does not transfer authentication information to the url rewriter, here squidguard, and does also not log that information.
> But squidguard needs that information in that case to allow the user access to that web site and don't redirect the request to the blocking site.
>
> Is there an option to transfer authentication information in any case - where it is available, i.e. the user has already authenticated - to the rewriter and also to log it?
URL rewriter interface is NOT the correct place to be performing
authentication or authorization.
Use external_acl_type helper interface instead, design your input format
% codes to match the fields squidguard needs. That interface will do
proxy credentials location for %LOGIN, including authentication if
required. Use deny_info to do the page redirection.
Amos
Received on Mon Sep 03 2012 - 08:14:20 MDT
This archive was generated by hypermail 2.2.0 : Mon Sep 03 2012 - 12:00:03 MDT