[squid-users] Squid as reverse proxy and image theft protection
Amos Jeffries
squid3 at treenet.co.nz
Thu Jan 22 03:40:55 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 22/01/2015 6:11 a.m., thane at SDF.ORG wrote:
> Dear all,
>
> we configured Squid 3.4.9 as Reverse Proxy/Accellerator versus
> some virtual machines located geographically in different country
> integrating it with a Geo DNS solution to routing the various user
> requests to the Squid Reverse Proxy nearest to them. These virtual
> machines hosts a J2EE Web Portal.
>
> This Reverse Proxy provides to the users a huge amount of images
> and reduce a lot the download time for that countries away from the
> primary data center (see China, India, etc.). These images are at
> the moment freely accessible without authentication.
>
> The portal behind squid uses a custom authentication form where the
> user insert his "Username" and "Password" in an HTTP Form and these
> credentials are routed to a J2EE Servlet (through an HTTP Post)
> that perform various authentication checks and release a cookie to
> grant the session to the other dynamic contents.
>
> We would like to understand if there are possible solutions to
> protect the images on the Squid Reverse Proxy and makes them only
> available after the user is authenticated.
An external_acl_type helper that checks the Cookie header contents
against the backend auth system and informs Squid about OK/ERR will do
that for you.
>
> Another possible workaround is perform some random scramble of the
> image URL but continuing to permitting the caching of the sames.
That is not possible while caching.
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUwHFHAAoJELJo5wb/XPRjV48IALCdLQ2Yb1tQabzLpyEi+rmE
WlBGqaKMsKGZBEtPhvys6yvS1Nr7Isc5qaF/g/KuJhWT5NKy5OOYAP3nvrLDu8NB
BT9YcRcHAHLRtfFoSAxYxlYYOwdY7TQsyx70XtQhcnqFtZqQWpLraTUXvpKdoVul
J0q0C+ZpqsurTlZTJG9s1sz/75bESTbpY5lmq0uqIA77FiMe9pwrUcYgdWx/9yMr
VdH6O+iO18PCPAPw9cVRrQHZNQ3i9fw/KfJ0Wj9CUOPu367Jd4JLdYEeKPYsGuHc
Syz/1PV9S+QPSiYkvpdHvMg00HzO7sWSRq0WBdJlBWTXw61vSgJMsvhOgnjJlp8=
=KQEL
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list