Robert Collins wrote: > Requests without authentication are redirected to the policy page, with > the original page in a cookie/form submission. The policy page sets a > cookie "POLICY ACCEPTED" when the user accepts the policy. The policy > web server *must* be accessed via squid. > > When a request to the policy webserver, with a policy accepted cookie, > is seen, authentication is triggered, and the user redirected back to > the originally requested page. Yes, this looks like it might be done.
external_acl_type can be used to filter out requests without proxy authentication, or a extension acl can be written within Squid to do the same. deny_info url capability of Squid-3 (also available as a patch to Squid-2.5) can then be used to redirect the request to the policy page. The same scheme can also be used to IP based session timers, having an external_acl_type acting as a filter on which requests may need to be sent to the policy page, and the cookie as the definite filter on which users have accepted the policy or not. Regards Henrik
