On Tue, 2003-08-05 at 06:34, Joshua Brindle wrote: > Ok, I'm not sure if this makes sense but I have some special needs > and can't quite figure out how to implement them.
I'm a little short on time right now, but a few thoughts may help you... firstly, the latency on an external helper, combined with squids result caching is /unlikely/ to be an issue - when compared to typical internet site RTT. secondly, forms based authentication has been discussed several times here. It's a bit of a 'brew-your-own' solution. You can do it without altering the source: (From memory - look it up in the archives for previous discussions).. Use a redirector (where you want to trigger authentication) to redirect the user (remember, you can have squid fetch the redirected page itself, preventing squid-client latency) to your webserver with the form logic on it, saving their request (don't forget to take care of POST data!) while you authenticate them, and then pass them back to the original site. Make sure that access to that webserver is also done via squid. Finally, add an external acl that you can pass whatever cookie or url details you set in the forms authentication, and it will provide squid with the login details. Lastly, you just use that acl as normal in your http access rules. lastly, checking for your X- headers is trivial via a second external acl. I suspect you'll find squid-3.0 much easier to accomplish this with. Cheers, Rob -- GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.
signature.asc
Description: This is a digitally signed message part
