[squid-users] Squid as reverse proxy and image theft protection

thane at SDF.ORG thane at SDF.ORG
Wed Jan 21 17:11:22 UTC 2015


Dear all,

we configured Squid 3.4.9 as Reverse Proxy/Accellerator versus some
virtual machines located geographically in different country integrating
it with a Geo DNS solution to routing the various user requests to the
Squid Reverse Proxy nearest to them. These virtual machines hosts a J2EE
Web Portal.

This Reverse Proxy provides to the users a huge amount of images and
reduce a lot the download time for that countries away from the primary
data center (see China, India, etc.). These images are at the moment
freely accessible without authentication.

The portal behind squid uses a custom authentication form where the user
insert his "Username" and "Password" in an HTTP Form and these credentials
are routed to a J2EE Servlet (through an HTTP Post) that perform various
authentication checks and release a cookie to grant the session to the
other dynamic contents.

We would like to understand if there are possible solutions to protect the
images on the Squid Reverse Proxy and makes them only available after the
user is authenticated.

Another possible workaround is perform some random scramble of the image
URL but continuing to permitting the caching of the sames.

Thanks and best regards,
Guido M.



More information about the squid-users mailing list