[squid-users] Captive Portal authentication in Intercept mode

Eliezer Croitoru eliezer at ngtech.co.il
Fri Mar 13 09:03:01 UTC 2015 

Hey,

I have written a basic idea with a php "login portal" that can be seen at:
http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/
http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/Conf
http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/PhpLoginExample
http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/Python
http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/SplashPageTemplate

The idea is an IP session based login.
The user actively needs to login and it will login the user IP address.
The helper(s) logic is based on time since the last user login.
This idea can be used as a sketch for a more advanced options with a portal.

There are other better ways to implement this idea and one of them is 
using a radius server.

As you noticed there is no way to directly authenticate a proxy in 
intercept mode.
Maybe someone out-there have been thinking about a way to do such a 
thing but it is yet to be possible with squid.

You can combine the php session login like in dyndns based solutions.
They offer a capability to re-register a domain based on your internet 
faced IP address.
Their client checks if the IP was changed and if so re-register vs the 
main server(with username and password).
So for example any new registration will revoke the old registration and 
any current registration is limited by to the current session life time.

Like in linux tcp_keep_alive there is an option to limit the session for 
5-10 minutes and if it will not be "keeped" alive after 2 hours it will 
be automatically revoked off access to the proxy.

The logic I have written can be implemented but should be carefully 
designed.

All The Bests,
Eliezer Croitoru

On 13/03/2015 07:25, Ashish Patil wrote:
> Hello,
>
> I am trying to set up a Captive Portal with Squid (v.3.5.2) in Intercept
> mode and SquidGuard (v.1.5) as URL rewriter. The Captive portal works off
> usernames in a database, but Squid + SquidGuard work based off IP's.
>
> The most progress I have had just says Authentication by Squid cannot be
> done with Squid acting as a Intercepting Proxy. Is there some helper (even
> probably in beta stage) that could help me achieve this?
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>

More information about the squid-users mailing list