LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Re: time based acl's for squid.

[ILUG] Re: time based acl's for squid.

Francis Daly francisdaly at gmail.com
Tue Aug 8 11:27:48 IST 2006 

On 08/08/06, Owen O' Shaughnessy <owen.oshaughnessy at gmail.com> wrote:
> On 8/8/06, Barry O'Donovan wrote:

> > I would think that the real problem you may have with using Squid is
> > actually
> > kicking the user off once their time has expired.
>
> I don't percieve that to be a problem, can do ip address acl
> manipulation without having to restart squid (or at least my memory
> tells me so), so i don't believe any other acl is going to be
> different.

You shouldn't even have to do that much.

Proxy authentication works because the browser sends the credentials
with every http request, and squid (in theory) checks the credentials
against the authenticating service for every request. Unless the
authenticator okays it, the request is denied.

In practice, in order to avoid hammering the authenticator, squid
caches credential validity for a time period -- so if the first
request has valid credentials, any subsequent request with the same
credentials is accepted by squid without it talking to the back-end.

Lower the credential cache time to a couple of minutes, and your users
may get 62 minutes of access instead of 60, but they won't get
unlimited.

And the proxy authentication failure error message is clear enough
that the user should know what to do in order to continue.

This all assumes that the browser knows it is using a proxy -- it is
not clear to me that "transparent proxy with user authentication" is
something you can expect to work unless you control all of the
clients.

	f

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell