On Wed, 3 Nov 2004, Rolf wrote:
> All users will be subject to basic auth upon first trying a url.
Ok. trivial.
> Having been authenticated they get to the policy page, but upon return from
> the policy page, I can't see how to know they've been there and not to
> redirect them again.
As I said your redirector and the policy page needs to be sharign a common
database of which users have accepted the policy.
> This is indeed your excellent "policy accepted database" idea
Yes.
> but how can I implement it?
By selecting the type of database you use, then write a redirector and a
CGI capable of accessing this database to exchange the information about
the status of the user.
> Can I do so with ACLs and redirector_access?
Via an external acl helper yes. Just remember to set the negative ttl to
0.
> It sounds like it needs some database arrangement that is populated by the
> script that runs the policy page. And de-populated by some other scheduled
> task that removes old entries.
A simpler design is to simply store a timestamp in the database indicating
when the user last accepted the policy.
> But, how does squid see these entries?
By your redirector or acl helper querying the same database as the policy
page script.
Regards
Henrik
Received on Wed Nov 03 2004 - 03:37:01 MST
This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST