On Thu, 2003-02-06 at 09:41, Henrik Nordstrom wrote: > David O'Sullivan wrote: > > > > The problem is that what I would like is for users to be initially presented > > with a disclaimer form which they must accept before the proxy > > authentication is offered. If they don't accept they are not allowed through > > the proxy and presented with a decline screen. > > This is a little tricky.. requires you to implement a kind of database > which keeps track of users who have accepted the policy, without knowing > the user.. > > If you can accept to identify users by their IP address then this kind > of access control can probably be implemented, but it is not an very > easy task.
Here's an approach: Requests without authentication are redirected to the policy page, with the original page in a cookie/form submission. The policy page sets a cookie "POLICY ACCEPTED" when the user accepts the policy. The policy web server *must* be accessed via squid. When a request to the policy webserver, with a policy accepted cookie, is seen, authentication is triggered, and the user redirected back to the originally requested page. After that the browser will send authentication to the proxy automatically, for that session. (May only work for basic authentication). Rob -- GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.
signature.asc
Description: This is a digitally signed message part
