On Wed, 3 Nov 2004, Rolf wrote:
All users will be subject to basic auth upon first trying a url.
Ok. trivial.
Having been authenticated they get to the policy page, but upon return from the policy page, I can't see how to know they've been there and not to redirect them again.
As I said your redirector and the policy page needs to be sharign a common database of which users have accepted the policy.
This is indeed your excellent "policy accepted database" idea
Yes.
but how can I implement it?
By selecting the type of database you use, then write a redirector and a CGI capable of accessing this database to exchange the information about the status of the user.
Can I do so with ACLs and redirector_access?
Via an external acl helper yes. Just remember to set the negative ttl to 0.
It sounds like it needs some database arrangement that is populated by the script that runs the policy page. And de-populated by some other scheduled task that removes old entries.
A simpler design is to simply store a timestamp in the database indicating when the user last accepted the policy.
But, how does squid see these entries?
By your redirector or acl helper querying the same database as the policy page script.
Regards Henrik
