Time-out on redirection?
Paulo Scardine
pscardine@tks.com.br
Tue, 27 Jun 2000 00:00:33 -0300 (BRT)
On Tue, 27 Jun 2000, Peter Frischknecht wrote:
> > Hi (forgive my English)
> No problem.
> You can speak Portuguese if you want.
Great! :-)
> > Why not forbid direct HTTP (port 80) access and set up a Squid Proxy
> > with authentication? You can redirect port 80 to an "automagic" proxy
> > setup page (every browser has some autoconfiguration feature).
> > Authentication with Squid is very open, you can use about anything
> > from LDAP to SAMBA with custom scripts.
> Yeah, squid is great.
> BUT... I have to force the users into a web page, not a logon box.
> The web page is a very important component of this endeavor because it is a
> "portal". Part of this project is to funnel users into a "portal" where we
> can have all sorts of messages and custom services.
> Another part of this process is that this has to be VERY self explanatory
> to the users. If they type www.linuxapps.com and get a logon box, they
> may think that the site itself needs authentication, when in fact,
> they haven't even left their intranet. In sending them to a web page,
> I can use all sorts of self explanatory messages and guide the users
> to a common goal. Including a self registration, if they never
> registered for Internet access before.
Ok... Yet IMHO this seems to be a problem better handled in the proxy layer.
I think it may be easy to hack the "Basic Authentication" code to use cookies
instead, and redirect the browsers that do not have the right cookie to
your help portal. The cookie may be a hash of the username, password and a
secret only known to you, so no session database needs to be kept. The
"Netscape Cookies" and "Basic Authentication" are similar enough, and I
think you can achieve this by changing a few lines of Squid code.
The only issue is that the browser will refuse to give a cookie to a
domain other than the one it was created for, so some creative URL
redirection is needed, like http://squid.auth/?url=http://www.original.url.com/.
Anything different from ^http://squid.auth/.+ will be redirected to an
address like the one above, and if the user does not have the right cookie
he will be redirected to your portal, else he will receive the correct
object. Just an idea, maybe I'm missing something.
--
Paulo Scardine
TKS Teleinformatica
-------------- Thought of the Day: -------------
As for the basic assumptions about individuality and self, this is the core
of what I like about cyberpunk. And it's the core of what I like about certain
pre-gibson neophile techie SF writers that certain folks here like to put
down. Not everyone makes the same assumptions. I haven't lost my mind... it's
backed up on tape.
-- Peter da Silva
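
The cookie check and redirect flow proposed in the message above, as an added example that is not part of the original post and is not Squid code. Assumptions: HMAC-SHA256 stands in for the unspecified "hash", the `url=` value is percent-encoded, and `SECRET`, `USERS`, `PORTAL` and the function names are hypothetical, constructed values.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlsplit

SECRET = b"constructed-demo-secret"          # assumption: known only to the proxy
USERS = {"alice": "constructed-password"}    # constructed stand-in for the auth backend
PORTAL = "http://portal.example/"            # hypothetical portal address
AUTH_PREFIX = re.compile(r"^http://squid\.auth/.+")   # pattern quoted in the post


def make_cookie(username, password):
    """Cookie value: username plus a keyed hash of username and password."""
    msg = username.encode() + b"\x00" + password.encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{username}:{mac}"


def cookie_is_valid(cookie):
    """Recompute the hash from the user record; no session table is consulted."""
    if not cookie or ":" not in cookie:
        return False
    username, _, mac = cookie.rpartition(":")
    password = USERS.get(username)
    if password is None:
        return False
    expected = make_cookie(username, password).rpartition(":")[2]
    # Constant-time comparison so the check does not leak how many characters matched.
    return hmac.compare_digest(mac.encode(), expected.encode())


def decide(request_url, cookie=None):
    """Return (action, target) for one request, following the flow in the post."""
    if not AUTH_PREFIX.match(request_url):
        # Cookies are per-domain, so bounce through squid.auth to read ours.
        return "redirect", "http://squid.auth/?url=" + quote(request_url, safe="")
    if not cookie_is_valid(cookie):
        return "redirect", PORTAL
    target = parse_qs(urlsplit(request_url).query).get("url", [""])[0]
    parts = urlsplit(target)
    if parts.scheme != "http" or not parts.netloc:
        return "redirect", PORTAL            # missing or malformed url= parameter
    return "serve", target
```
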