[squid-users] Authorization in a different way

Eliezer Croitoru eliezer at ngtech.co.il
Wed Jan 13 18:45:35 UTC 2016 

I do not know if an old idea of mine will be good for you but... I will 
write it anyway.
The basic way to do what you want is to use some kind of authentication 
in the session level and not the IP but..
You can use some "keep-alive" page which will use some JS to 
re-authenticate every couple seconds or minutes.
The service like in TCP will assume that the connection is available as 
long as the client JS ran in the last couple seconds\minutes.
It can help you to allow a specific user to use a specific IP address as 
long as the JS runs.
And if the user was not authenticated to the other service (which can 
run in https) for a period of time the session helper will not allow any 
other new session to pass in.

Hope it will help you.
Eliezer

On 13/01/2016 18:35, Christian Kunkel wrote:
> Hey guys,
>
> i need a way to autheticate or authorize users to my squid server so i can create some kind of a session and drop users after x hours they have been using my proxy. important thing would be to create only one session per user. i do not have access to users network. they are connecting from the internet and they also have nated ips. i thought about the classic way with http headers but i run into problems with some devices. so thats useless for me. to use the ip adress is also not possible because it would authorize a lot of ppl at once if they are behind a nat. thats not what i want. i only can add a proxy adress and a port to the devices which are connecting. right now i am using a unique port for every user. then redirect the port to a splash screen with a login form. when login is is successfull it triggers an iptables-script which redirects that port to squid. but that means every one can actually use that port after someone successfully logged in.
>
> i am using squid 3.5.13 on debian 8.
>
> some hints would be awesome. thanks in advance guys :)
>
> Kind regards,
>
> Chris
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>

More information about the squid-users mailing list