On Wed, 31 Dec 2003, OTR Comm wrote: > I am trying to figure something out. When Squid is configured to > authenticate, how does it keep up with the different session for > individual users who have logged on?
There is no sessions in HTTP. Each and every single request (HTML, image, style sheet etc etc) sent by the browser is authenticated to the proxy. The session is within your web browser where it remembers the login+password used for authentication to the proxy. > N2H2, the company that wrote the Bess Filtering system, uses Squid > without authentication and a filtering helper like squidGuard that > supports overrides of blocked sites. User who have authority to > override sites, login and then somehow Squid can distinguish those > users. How can Squid do this? If they do not use authentication then they most likely base the level of access on the IP address of the user. > I have asked N2H2 for a copy of their Squid code, but they put me off > and then lately they told me that I have to talk to their legal > department. Even though Squid is under GPL, they still want me to jump > through hoops with their legal department. The GPL only forces them to give you the source if you are a customer of theirs, or otherwise have legal access to a binary copy of their version of Squid. > Does anyone have any ideas about how I can get Squid to recognize > particular user sessions without requiring authentication? There is only three methods. a) Authentication. b) Access controls based on IP addresses, possibly connected with some kind of system which can derive from the IP address who the user is. This requires some kind of system you can query who the user at this IP address is. c) Use of the IDENT protocol to ask the client station who the user is. This requires a IDENT server on each and every client station involved. Regard Henrik
