[squid-users] squid set cookie?

2010-04-26 Thread kiran kumar
Is it possible for Squid to set a cookie in response messages upon
SUCCESS in the NTLM authentication phase? By setting the cookie, we would
like to avoid authentication in the next client request to the same domain,
even on a different TCP connection. This is what we wish to achieve.

1. Configure external_acl "is_auth_needed" which takes COOKIE, URL and
Source-IP as parameters.

"http_access deny is_auth_needed !proxy_auth".

2. When a Client sends a new HTTP request, the external_acl program
looks into its cache to see if a valid entry for the combination of
COOKIE+Source_Ip exists. If yes, it returns "ERR" and hence NTLM
authentication is skipped.

3. If no entry is found, it returns OK and the NTLM phase is triggered.

4. Upon successful authentication, the ntlm_auth helper program returns
OK. If Squid provides for setting "Cookie" value now, then we can
avoid authentication for subsequent requests.

I have seen a few related mail exchanges on setting of cookies, but
looking at squid.conf I could not figure out how to do this. Any help
and suggestion is highly appreciated.

Thanks in advance,
Kiran


[squid-users] OpenSSL license

2010-02-07 Thread kiran kumar
Greetings to all.

Will there be any license compatibility issues in using openssl with
Squid? I plan to build Squid with "enable-ssl" support but happened to
bump into an old discussion on this.
"http://www.squid-cache.org/mail-archive/squid-dev/200406/0011.html".
As I'm not an expert on this, I wish to hear from the group if there
will be any potential license violation if we want to use Squid to
provide https-proxy support.

Best Regards,
Kiran


Re: [squid-users] Fwd: how to use squid external_acl_type to enforce policy based authentication

2010-01-19 Thread kiran kumar
Fantastic. This worked for me. Thanks, Chris and Amos, for the replies.
--Kiran
On Tue, Jan 19, 2010 at 1:23 PM, Chris Robertson wrote:
> kiran kumar wrote:
>>
>> Dear All,
>>
>> I'm trying to use "external_acl_type" with squid3-stable-19 to enforce
>> user Authentication. I don't want to authenticate every request but
>> have Squid talk to my policy framework before deciding either to
>> authenticate or skip authentication for the request. The policy will
>> be based on source-ip of the request. Is there a way to do this in
>> Squid? I was hoping Squid would use the return value of the external
>> helper program to enforce authentication.
>>
>> I do not want to configure this statically in squid.conf as the
>> policies keep changing.
>>
>> Thanks in Advance,
>>
>> Kiran
>>
>
> I haven't tested it, but I think...
>
> http_access deny is_auth_needed !proxy_auth
> http_access allow my_net
>
> ...where "is_auth_needed" is an external ACL that returns "OK" for IPs that
> require authentication and "ERR" for those that don't and "proxy_auth" is a
> standard authentication ACL would do just what you want.
>
> ACLs that comprise http_access rules are "ANDed" together, so if the first
> test fails, further ACLs are not checked.
>
> Chris
>
>
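
An added example, not part of the original thread: a minimal external ACL helper for the "is_auth_needed" ACL discussed above, answering OK (authenticate) or ERR (skip) per source IP from a policy file that is reloaded when it changes. The file path, helper path and type name are hypothetical, and the helper assumes Squid's line-based helper protocol without the concurrency option.

```python
# Assumed squid.conf wiring (helper path and type name are hypothetical):
#   external_acl_type auth_policy ttl=60 %SRC /usr/local/bin/auth_policy.py
#   acl is_auth_needed external auth_policy
import ipaddress
import os
import sys

# Hypothetical policy file: one exempt IP or CIDR per line, '#' for comments.
POLICY_PATH = "/etc/squid/auth_exempt.txt"


def parse_policy(text):
    """Return the exempt networks; invalid lines are skipped, not guessed."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            try:
                nets.append(ipaddress.ip_network(line, strict=False))
            except ValueError:
                pass  # a bad entry must not widen the exemption
    return nets


def decide(src, exempt):
    """'OK' = authentication needed, 'ERR' = skip it. Fails closed."""
    try:
        addr = ipaddress.ip_address(src.strip())
    except ValueError:
        return "OK"  # unparsable input: require authentication
    return "ERR" if any(addr in net for net in exempt) else "OK"


def main():
    exempt, stamp = [], None
    for line in sys.stdin:  # Squid writes one %SRC value per line
        try:
            mtime = os.stat(POLICY_PATH).st_mtime
            if mtime != stamp:  # policy changed: reload without a restart
                with open(POLICY_PATH) as fh:
                    exempt, stamp = parse_policy(fh.read()), mtime
        except OSError:
            exempt, stamp = [], None  # unreadable policy: all must authenticate
        sys.stdout.write(decide(line, exempt) + "\n")
        sys.stdout.flush()  # Squid blocks on each answer; never buffer


if __name__ == "__main__":
    main()
```

Squid caches each answer for the configured ttl, so a policy change can take up to that long to affect a given source IP.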


[squid-users] Fwd: how to use squid external_acl_type to enforce policy based authentication

2010-01-18 Thread kiran kumar
Dear All,

I'm trying to use "external_acl_type" with squid3-stable-19 to enforce
user Authentication. I don't want to authenticate every request but
have Squid talk to my policy framework before deciding either to
authenticate or skip authentication for the request. The policy will
be based on source-ip of the request. Is there a way to do this in
Squid? I was hoping Squid would use the return value of the external
helper program to enforce authentication.

I do not want to configure this statically in squid.conf as the
policies keep changing.

Thanks in Advance,

Kiran