[squid-users] How to select parent proxy based on user password

Fri Sep 25 04:12:07 UTC 2020

Hey Adrian,

Indeed some advanced features might take some time but, without SSL-BUMP you just to prepare a list of “requirements” from the proxy.

Squid can enforce HTTP RFC syntax and has couple very nice features but really, what do you need the proxy to do?

Authentication? Via htaccess file, DB, LDAP, AD?
Proxy Peering?

Logging?

Bandwidth control?

Caching?

For any project the requirements can be “quantified” and a developer can give you a price.

Indeed I would agree that a software which is being used by many admins and users can be tested better to some degree.

A single username is an identifier and it’s better be unique per client.

You can use realms to differentiate between destination proxies.

Technically speaking there are much better ways to send messages between the client software to the proxy.

For example you can use  a HTTP Header such as “X-Proxy-Route” with some unique identifiers else then the default.

The main thing with such a setup would be to remove this by-hop\in-transit header(s).

If you want to see a 200+- lines proxy I can try next month to look at my list.

I posted in 2016 a list of proxies on my web page and you can download the post PDF from:

https://smallpdf.com/shared#st=28c1432b-7248-4a57-9e5b-9d143b6481bd <https://smallpdf.com/shared#st=28c1432b-7248-4a57-9e5b-9d143b6481bd&fn=A+Proxy+for+each+Internet+user+_The+future_2016.pdf&ct=1601007048862&tl=share-document&rf=link> &fn=A+Proxy+for+each+Internet+user+_The+future_2016.pdf&ct=1601007048862&tl=share-document&rf=link

All The Bests,

Eliezer

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> 

From: Ajb B <ajb23 at ymail.com> 
Sent: Friday, September 25, 2020 2:25 AM
To: squid-users at lists.squid-cache.org; Eliezer Croitor <ngtech1ltd at gmail.com>
Subject: Re: [squid-users] How to select parent proxy based on user password

Hey Eliezer,

Squid contains some very advanced features that would take several weeks to rewrite I'm sure. But you're reply did give me an idea.

I think I can create an additional proxy service on top of Squid to route proxies based on the password. I think I will have to try this approach.

Thanks,

Adrian

On Thursday, September 24, 2020, 12:26:38 PM CDT, Eliezer Croitor <ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> > wrote: 

Just to add a side note:
Squid is not the most advanced proxy in the Programming world.

It's possible that many use Squid as their proxy servers software however,
in the programming world there are far more simple and efficient ways to write 
a proxy that will serve a service such as PacketStream.
A proxy server with auth, logging and much more  can be written in 200 +- lines of code.
OK OK so it is connected to a K\V or SQL DB...

Haproxy is an OpenSource example for a very efficient proxy service, leaving aside the 
obviates differences between Squid and Haproxy.

All The Bests,
Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> 

-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org <mailto:squid-users-bounces at lists.squid-cache.org> > On Behalf Of Amos Jeffries
Sent: Thursday, September 24, 2020 5:38 AM
To: squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> 
Subject: Re: [squid-users] How to select parent proxy based on user password

On 24/09/20 4:14 am, Ajb B wrote:
> 
> Hey Anthony,
> 
> I see you're point. It makes sense to have multiple usernames if I want
> a user to access multiple proxies. But I'm trying to create a "reseller"
> proxy service, so multiple usernames for a single user won't really make
> sense. I can just give users different passwords to access different
> proxies.

I don't see the connection being a reseller service has to do with
routing to specific proxies.

Surely the routing is based on something entirely different - such as
the users credit balance with services, or which packages they have
bought from you, which region(s) they are trying to access etc.

That type of info is traditionally managed via assigning users to
groups. In modern Squid it is more efficiently done with annotations and
"note" ACL as mentioned by Eliezer already.

> 
> Also, I know PacketStream (https://packetstream.io/) does this and I'm
> pretty sure they use Squid.

There is nothing in the PacketStream documentation or FAQ that indicates
routing to specific proxies based on user/password details.

Their on-sellers simply add/remove login accounts and payments to the
main system.

Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> 
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> 
http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200925/7a795679/attachment.htm>