[squid-users] i hope to build web Authentication portal at Tproxy environment recenty , can you give me some advisement .

Steve Hill steve at opendium.com
Wed Mar 11 10:54:22 UTC 2015

On 11.03.15 10:22, johnzeng wrote:

> whether php or jquery need send user ip address to squid ? otherwise i
> worried whether squid can confirm user info
> and how to identify and controll http traffic ?

I'd do this with an external ACL - when processing a request, Squid 
would call the external ACL which would do:

1. If the user is not authenticated or their "last seen" timestamp has 
expired, return "ERR"
2. If the user is authenticated, update their "last seen" timestamp and 
return OK.

Obviously if the ACL returns ERR, Squid needs to redirect the user to 
the authentication page.  If the ACL returns OK, Squid needs to service 
the request as normal.

The authentication page would update the database which the external ACL 
refers to.

Identifying the user's traffic would need to be done by MAC address or IP:
  - MAC address requires a flat network with no routers between the 
device and Squid.
  - IP has (probably) unfixable problems in a dual-stacked network.

Beware that:
1. Access to the authentication page must be allowed for unauthenticated 
users (obviously :)
2. Authentication should really be done over HTTPS with a trusted 
3. Clients require access to some external servers to validate HTTPS 
certs before they have authenticated.
4. If you want to support WISPr then (2) and (3) are mandatory.
5. External ACL caching

You might be able to do it with internal ACLs, but... pain :)

  - Steve Hill
    Technical Director
    Opendium Limited     http://www.opendium.com

Direct contacts:
    Instant messager: xmpp:steve at opendium.com
    Email:            steve at opendium.com
    Phone:            sip:steve at opendium.com

Sales / enquiries contacts:
    Email:            sales at opendium.com
    Phone:            +44-1792-824568 / sip:sales at opendium.com

Support contacts:
    Email:            support at opendium.com
    Phone:            +44-1792-825748 / sip:support at opendium.com

More information about the squid-users mailing list