[squid-users] squid set cookie?
Is it possible for Squid to Set Cookie in response messages upon SUCCESS in NTLM authentication phase. By setting the cookie, we like to avoid authentication in next Client request to same domain even on a different TCP connection. This is what we wish to achieve. 1.Configure external_acl "is_auth_needed" which takes COOKIE,URL and Source-IP as parameters. "http_access deny is_auth_needed !proxy_auth". 2.When a Client sends a new HTTP request,The external_acl program looks into its cache to see if a valid entry for combination of COOKIE+Source_Ip exists. If yes, it returns "ERR" and hence NTLm authentication skipped. 3.If no entry is found, it returns OK and NTLM phase is triggered. 4.Upon successful authentication, the ntlm_auth helper program returns OK. If Squid provides for setting "Cookie" value now, then we can avoid authentication for subsequent requests. I have seen few related mail-exchanges on setting of Cookies, but looking at squid.conf could not figure out how to do this. Any help and suggestion is highly appreciated. thanks in Advance, Kiran
[squid-users] OpenSSL license
Greetings to all. Will there be any license compatibility issues in using openssl with Squid? I plan to build Squid with "enable-ssl" support but happened to bump into an old discussion on this. "http://www.squid-cache.org/mail-archive/squid-dev/200406/0011.html";. As i'm not an expert on this, I wish to hear from the group if there will be any potential license violation if we want to use Squid to provide https-proxy support. Best Regards, Kiran
Re: [squid-users] Fwd: how to use squid external_acl_type to enforce policy based authentication
Fantastic. This worked for me. thanks Chris and Amos for the replies. --Kiran On Tue, Jan 19, 2010 at 1:23 PM, Chris Robertson wrote: > kiran kumar wrote: >> >> Dear All, >> >> I'm trying to use "external_acl_type" with squid3-stable-19 to enforce >> user Authentication. I don't want to authenticate every request but >> have Squid talk to my policy framework before deciding either to >> authenticate or skip authentication for the request. The policy will >> be based on source-ip of the request. Is there a way to do this in >> Squid? I was hoping Squid to use the return value of external helper >> program to enforce authentication. >> >> I do not want to configure this statically in squid.conf as the >> policies keep changing.\ >> >> Thanks in Advance, >> >> Kiran >> > > I haven't tested it, but I think... > > http_access deny is_auth_needed !proxy_auth > http_access allow my_net > > ...where "is_auth_needed" is an external ACL that returns "OK" for IPs that > require authentication and "ERR" for those that don't and "proxy_auth" is a > standard authentication ACL would do just what you want. > > ACLs that comprise http_access rules are "ANDed" together, so if the first > test fails, further ACls are not checked. > > Chris > >
[squid-users] Fwd: how to use squid external_acl_type to enforce policy based authentication
Dear All, I'm trying to use "external_acl_type" with squid3-stable-19 to enforce user Authentication. I don't want to authenticate every request but have Squid talk to my policy framework before deciding either to authenticate or skip authentication for the request. The policy will be based on source-ip of the request. Is there a way to do this in Squid? I was hoping Squid to use the return value of external helper program to enforce authentication. I do not want to configure this statically in squid.conf as the policies keep changing.\ Thanks in Advance, Kiran