Hi,
I want to use Squid as a reverse proxy (accel) to my main website but
only if they've authenticated - something like a captive portal (not
sure if that's the right phrase). By "authenticated", I don't mean
basic or digest etc. I want to provide my own logon page (say php) - I
can host another authentication website to host that.
How do I go about achieving that? Splash page functionality is
something that looks promising in squid but I can't get my head around
how to force squid to reverse proxy my site only after users have
authenticated on my php splash page. Also I need to terminate their
session after 3 hours.
http://wiki.squid-cache.org/ConfigExamples/Portal/Splash
I can do something like this:
#Show auth.php
external_acl_type splash_page ttl=60 concurrency=100 %SRC /usr/local/sbin/squid/ext_session_acl -t 7200 -b /var/lib/squid/session.db
acl existing_users external splash_page
http_access deny !existing_users
# Deny page to display
deny_info 511:https://myauthserver/auth.php?url=%s existing_users
#end authphp
#reverse proxy
https_port 443 cert=/path/to/x_domain_com.pem key=/path/to/x_domain_com.pem accel
cache_peer 1.1.1.1 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=x_domain_com
acl sites_server_x_domain_com dstdomain x.domain.com
cache_peer_access x_domain_com allow sites_server_x_domain_com
http_access allow sites_server_x_domain_com
# end reverse proxy
But how is this going to work? I can present a username/password on my
auth.php and present a submit button to validate. But how do I tell
squid that it is OK to serve x.domain.com?
Also is there a better way of achieving my purpose?
Thanks.
Please help.
Received on Wed Nov 27 2013 - 07:58:38 MST
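Added example, not part of the original post and not Squid's own code: a sketch of a custom helper for the external_acl_type line above. With concurrency set, Squid writes "<channel-id> <%SRC>" to the helper and reads back "<channel-id> OK" or "<channel-id> ERR", so the login page can signal success by recording the client address where the helper looks it up. The session file path, its "ip login_epoch" line format and the function names are assumptions made for this example.

```python
#!/usr/bin/env python3
"""External ACL helper sketch: allow a %SRC only while its login is under 3 hours old."""
import sys
import time

SESSION_LIFETIME = 3 * 60 * 60  # 3 hours, the limit asked for in the post


def decide(line, sessions, now):
    """Answer one request line from Squid.

    With concurrency=N on external_acl_type, Squid sends "<channel-id> <%SRC>"
    and expects "<channel-id> OK" or "<channel-id> ERR" in reply.
    """
    parts = line.split()
    if len(parts) != 2:
        # Malformed input: fail closed.
        channel = parts[0] if parts else "0"
        return f"{channel} ERR"
    channel, src = parts
    started = sessions.get(src)
    if started is None or now - started >= SESSION_LIFETIME:
        sessions.pop(src, None)  # unknown or expired: must log in again
        return f"{channel} ERR"
    return f"{channel} OK"


def load_sessions(path):
    """Read "ip login_epoch" lines written by the login page (assumed format)."""
    sessions = {}
    try:
        with open(path) as fh:
            for row in fh:
                fields = row.split()
                if len(fields) == 2 and fields[1].isdigit():
                    sessions[fields[0]] = int(fields[1])
    except FileNotFoundError:
        pass  # no logins recorded yet: every lookup answers ERR
    return sessions


def main(path="/var/lib/squid/portal_sessions.txt"):  # hypothetical path
    for line in sys.stdin:
        # Reload on each lookup so a fresh login is seen immediately.
        print(decide(line, load_sessions(path), time.time()), flush=True)


if __name__ == "__main__":
    main()
```

Squid caches each answer for the ttl= value on the external_acl_type line, so an expired session can keep working for up to that many seconds. Keying on %SRC also means every client behind one NAT address shares a single session.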