Re: [SQU] Limitations

From: Robert Collins <robert.collins@dont-contact.us>
Date: Sun, 28 Jan 2001 13:22:32 +1100

For the URL checking, you can use a perl redirector, and send the user to an access denied page on your LAN if the URL is not valid
for them...
You could use squid's internal URL checks, but they won't be updated in realtime.

Squid does the following for external redirectors:
recieve the requests,
See If it passes the http_access lines (here is where your perl authenticator is called on the users first request).
if it passed, squid then calls the redirector program, passing it the username as one of the parameters.

So you need a perl authenticator, and a perl redirector. The authenticator is not passed the url, which is why you need two
programs.

Rob

----- Original Message -----
From: "Devin Teske" <devinteske@hotmail.com>
To: <squid-users@ircache.net>
Sent: Sunday, January 28, 2001 11:30 AM
Subject: Re: [SQU] Limitations

> I realize that I might be asking too much but this is the whole enchilada,
> of what I need to be able to do (what I am trying to set up)...
>
> What things look like...
>
> Computer A
> Mandrake Linux 7.0 (Air)
> Squid
> Perl
> 10.34.1.150
> No direct internet access
> Computer B
> Windows NT
> CSM Proxy Server [Enterprise]
> ASP
> 10.1.1.20
> Direct Internet Access
>
> Computer B allows people to use it within the WAN as a proxy server to get
> out to the internet (given that you have a password within it's giant
> database).
>
> How things should work...
>
> User launches browser
> Browser is configured to look at 10.34.1.150 as a proxy server (running
> squid)
> Browser sends request to squid
> Squid responds with HTTP Proxy Authentication Required
> Browser asks user for password
> User enters username and password and clicks ok
> Squid sends headers to perl script
> Perl scipt checks dbm file for user name
> if user exists in dbm file then it checks another dbm file to see if
> the url requested is valid for the current user.
> if user is not in dbm file and user is not null perl script then it
> forwards the header to 10.1.1.20 (csm proxy server) and returns the response
> to the user.
> User sees response from the perl script.
>
>
> The users that are stored on 10.1.1.20 are the teachers and administrators
> (which I don't have access to, that is why I need to setup a way to
> authenticate those users without being on that computer or having access to
> it's internals, ie it's user database). The users that are stored on
> 10.34.1.150 are the students and they have filtered access (while the
> teachers/admins have pretty much non restricted access). This is what I am
> dealing with.
>
> Teachers will be adding links (website urls) to a database for their
> students. And their students will only be able to access those links that
> the teachers added.
>
> I have been trying to implement this idea for almost a year. We are on our
> 4th architecture.
>
> I hope this helps you understand this some more.
> I truly do think that squid is our savior. But I am having my qualms.
>
> Thank you very much for helping me with my previous questions. You are a
> great help. Once again, thank you,
> Devin Teske
> (909) 392-8429
> devinteske@hotmail.com
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Sat Jan 27 2001 - 19:26:49 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:37 MST