I've got this box with over 2,000 public ip addresses and I allow my
users to connect to their proxy via username/password OR if they are
coming from an IP our system stored for that user. If the user comes
from a known IP we don't ask for username/password (we call it ip
authentication), otherwise prompt him with a user/pass popup.
While it works pretty well it tends to generate a lot of ACLs for big
boxes like this one and squid goes 100% permanently just from the
config (Yes I even had it split in workers to share them across
physical CPUs).
My problem now: I would like to use an external script of my own (call
it pre-authenticator) which takes a request and looks at the incoming
ip. If that incoming IP (src) matches and it's allowed to browse
through the requested IP (myip) let the user in, otherwise, pass it to
the user/pass authenticator - whatever that may be.
I know about external_acl_type but this one assumes the user is logged
in and it won't work since the user is prompted for password before
being passed to may external acl program (post-auth).
Received on Sun Aug 18 2013 - 10:30:06 MDT
This archive was generated by hypermail 2.2.0 : Sun Aug 18 2013 - 12:00:09 MDT