Article delegate-en/3347 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] optional authentication depending on destination (Re: Help with special config)
01 Jul 2006 11:30:19 GMT (Yutaka Sato)
The DeleGate Project


In message <_A3345@delegate-en.ML_> on 06/30/06(08:10:29)
you "David Lawrence" <> wrote:
 |I've been using Delegate for some time now and I am quite impressed with
 |it.  I'm using it as a simple HTTP proxy to restrict web access for
 |certain workstations.  Now I'd like to set it up to allow users who can
 |authenticate to get unrestricted access.  For example:
 |Users A, B and C use the same workstation where delegate is setup as the
 |HTTP proxy in Windows IE.  Users A&B are only allowed to access a
 |specific list of websites (and this works just fine).  User C is allowed
 |to have unrestricted access and this is what I am trying to get delegate
 |to allow.  I was thinking that I could get delegate to require
 |authorization for a PERMIT=*:*:* or something of the sort, but I can't
 |figure that out.  I got the AUTHORIZER option working but that seems to
 |just be a global option and requires A,B and C to be authorized to give
 |me the basic function I have now.  

I think your configuration can be like this:

  - anyone can access to a set of servers without authentication
  - authenticated users can access to unrestricted servers

You can use AUTHORIZER as a local option to each MOUNT point.
This might sound natual when you are using DeleGate as an origin server,
but it is also applicable to a DeleGate acting as a proxy server.
In this case, MOUNT is not used for rewriting but only for access
control like this for example.

  MOUNT="* = dst=!{host1,host2},AUTHORIZER=-list{user1:pass1,user2:pass2}"

This means any accesses to arbitrary hosts (except host1 and host2) are
applied this MOUNT.  After this MOUNT is selected, (in the interpretation
of HTTP message), it option requires authentication (proxy authentcation
to the HTTP client in this case).

"* =" means this MOUNT matches any URL and no rewriting is achieved.
"dst=!{a list of host}" means this MOUNT is applied when the destination
(server) host is not in the list.
"AUTHORIZER=-list{a list of pairs of user:pass}" means users must be
autorized by username and password in the list to access via this MOUNT.

  9 9   Yutaka Sato <>
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]