Chris Perreault wrote:
>
> There was a patch, just mentioned recently, that was posted here about a
> month ago. We had it created for us to do the following:
>
> In reverse proxy (accelerated mode):
>
> User wants to hit internal webserver.
>
> Browser sends the user to the proxy which uses a redirector that sends
> them
> to a webpage. The webpage collects username/password from the user and
> auth's against a ldap directory. At that point we can also modify the
> headers, create headers, copy headers, etc and then, if authenticated OK,
> they are allowed to continue on their way. If not they get an error via a
> webpage on the same validated webserver. (Apache in this case).
Can you recall the thread it was discussed in, I can't find it.
I am not sure if I am using a sledgehammer to crack a nut here.
My scenario is:-
Local user always uses local squid proxy to access all web content.
The local squid forwards to a remote proxy (not squid) that does not require
authentication.
A specific external site (that I do not control) the users need is https and
not available via the remote proxy - squid goes to it directly.
I need the users to authorize before they connect to this specific site.
Unfortunately with basic auth, IE helps(!!!) by offering to remember the
users password details. I cannot allow this as the clients are accessible
by the public and must not be able to get to the secure site without having
to type in a password. I know I can disable this IE helper functionality in
windows, but that will stop it for all sites which is not what I want.
I figured that if I pass authentication control to a web page of my own, I
should be able to stop IE from interfering.
Thanks for the input
Martyn
Received on Thu Sep 23 2004 - 03:30:24 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:02 MDT