[squid-users] Captive Portal authentication in Intercept mode

James Harper james at ejbdigital.com.au
Fri Mar 13 09:10:55 UTC 2015

> Hey,
> I have written a basic idea with a php "login portal" that can be seen at:
> http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/
> http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/Conf
> http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/PhpLoginExample
> http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/Python
> http://wiki.squid-
> cache.org/EliezerCroitoru/SessionHelper/SplashPageTemplate
> The idea is an IP session based login.
> The user actively needs to login and it will login the user IP address.
> The helper(s) logic is based on time since the last user login.
> This idea can be used as a sketch for a more advanced options with a portal.
> There are other better ways to implement this idea and one of them is
> using a radius server.
> As you noticed there is no way to directly authenticate a proxy in
> intercept mode.
> Maybe someone out-there have been thinking about a way to do such a
> thing but it is yet to be possible with squid.

If you could do ntlm auth at your portal page then the user might never even notice that authentication took place...

You'd need to do some sort of browser detection though - browsers could handle such authentication, but programs phoning home or otherwise using web services would hate it.


More information about the squid-users mailing list