On 3/09/2012 7:01 p.m., Stolle, Martin wrote:
Hello,
I got a problem with the cooperation of squidguard 1.4 and squid 3.2.1
My test scenario consists of
Squidguard 1.4
Squid 3.2.1
Basic Authentication (in that case of test)
I want to allow URLs not blocked by lists from squidguard to all users.
If a website is blocked from a squidguard list and a user isn't authenticated,
squidguard shall and will redirect the request to a blocking site, which links
to a site, where somebody can authenticate itself.
If someone is authenticated that way, he is associated with an user account and
should have access to all web sites.
Unfortunately, I got the problem, that, also a user is authenticated, squid
transfers the user information only under the condition, that from the point of
view of squid the authentication is necessary, to squidguard, also the user
authenticated before. If Squid recognizes, that from the point of view of squid
authentication is not necessary (i.e. there was e.g. a http_access allow all on
the way), it does not transfer authentication information to the url rewriter,
here squidguard, and does also not log that information.
But squidguard needs that information in that case to allow the user access to
that web site and don't redirect the request to the blocking site.
Is there an option to transfer authentication information in any case - where
it is available, i.e. the user has already authenticated - to the rewriter and
also to log it?
URL rewriter interface is NOT the correct place to be performing
authentication or authorization.
Use external_acl_type helper interface instead, design your input format
% codes to match the fields squidguard needs. That interface will do
proxy credentials location for %LOGIN, including authentication if
required. Use deny_info to do the page redirection.
Amos
