[Reference:<_A4015@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Testing the HTTP/HTTPS and FTP Delegate proxy
25 Jul 2008 20:00:50 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A4015@delegate-en.ML_> on 07/26/08(03:02:35)
you "Jean Aumont" <pvahqbdyi-ry4zqcnsjzvr.ml@ml.delegate.org> wrote:
 |---------------------------------------------------------------------
 |Question 1 - Http(s) proxy
 |---------------------------------------------------------------------
 |# more http.cfg 
 |SERVER="http"
 |REMITTABLE="http,https"
 |-P8080
 |# ============
 |# Section http
 |# ============
 |AUTHORIZER="-none:http:www.sea-doo.com*:10.*.*.*"
 |AUTHORIZER="-list{uid1:pwd1,uid2:pwd2}:http:www.google.com:10.*.*.*"
 |AUTHORIZER="-list{uid1:pwd1,uid3:pwd3}:http:www.yahoo.com:10.*.*.*"
 |AUTHORIZER="-list{uid1:pwd1}:http:*:10.*.*.*"
 |# =============
 |# Section https
 |# =============
 |AUTHORIZER="-list{uid1:pwd1,uid3:pwd3}:https:www.google.com:10.*.*.*"
 |AUTHORIZER="-list{uid1:pwd1,uid3:pwd3}:https:www.yahoo.com:10.*.*.*"
 |AUTHORIZER="-list{uid1:pwd1}:https:*:10.*.*.*"
 |# ===============
 |# Deny All Others
 |# ===============
 |AUTHORIZER="-never"
 |
 |From my testing using the http(s) config, I discovered that the 
 |delegate proxy evaluates the rules as follows:
 |
 |1) look for the service (http or https)
 |2) then look for an address that matches the requested ip or url
 |3) and if the user is allowed

Firstly, DeleGate selects one AUTHORIZER based on the set of destination
protocol, the destination server and the client of the current session.
Then the AUTHORIZER is applied to authenticate (and authorize) the user.

 |This is why I am forced to repeat that "uid1:pwd1" on the line 
 |that gives access to www.google.com and www.yahoo.com even if 
 |the line AUTHORIZER="-list{uid1:pwd1}:http:*:10.*.*.*"
 |should give access to everywhere on the www to "uid1"
 |
 |Am I right about this ???

In such a case, you can use AUTHORIZER just to authenticate users, and
authorize them using PERMIT parameters as follows:

  AUTHORIZER="-none:http:www.sea-*"
  AUTHORIZER="-list{u1:p1,u2:p2,u3:p3}:http,https:*"
  PERMIT="http:www.sea-*:10.*"
  PERMIT="http,https:*:-a/u1@*"
  PERMIT="http,https:www.yahoo.com:-a/u2@*"
  PERMIT="http,https:www.google.com:-a/u3@*"


 |Thanks for the great effort of developing the "Delegate" proxy.

It's "DeleGate" :)

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
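
A simplified model of the two-step evaluation described in the reply, added here as an illustration and not DeleGate's own code. It assumes the first entry whose protocol, destination and client patterns all match is the one selected, and that patterns are shell-style globs; the function names are hypothetical.

```python
import hmac
from fnmatch import fnmatchcase

# AUTHORIZER values from the quoted http.cfg (http section and the final deny).
CONFIG = [
    "-none:http:www.sea-doo.com*:10.*.*.*",
    "-list{uid1:pwd1,uid2:pwd2}:http:www.google.com:10.*.*.*",
    "-list{uid1:pwd1,uid3:pwd3}:http:www.yahoo.com:10.*.*.*",
    "-list{uid1:pwd1}:http:*:10.*.*.*",
    "-never",
]

def parse(value):
    """Split auth:protocols:destinations:clients; omitted fields match anything."""
    users = {}
    if value.startswith("-list{"):
        body, _, rest = value[len("-list{"):].partition("}")
        users = dict(pair.split(":", 1) for pair in body.split(","))
        kind = "-list"
    else:
        kind, _, rest = value.partition(":")
    fields = [f.split(",") for f in rest.lstrip(":").split(":") if f]
    return kind, users, fields + [["*"]] * (3 - len(fields))

def select(config, proto, dst, src):
    """Step 1: choose one entry from protocol, destination and client only."""
    for value in config:  # assumption: first matching entry wins
        kind, users, fields = parse(value)
        if all(any(fnmatchcase(v, p) for p in pats)
               for v, pats in zip((proto, dst, src), fields)):
            return value, kind, users
    return None, "-never", {}

def decide(config, proto, dst, src, user=None, password=""):
    """Step 2: check the credentials against the selected entry alone."""
    value, kind, users = select(config, proto, dst, src)
    if kind == "-none":
        return value, True
    if kind == "-list":
        return value, user in users and hmac.compare_digest(users[user], password)
    return value, False

if __name__ == "__main__":
    # uid1 removed from the site-specific lists, kept only on the wildcard entry.
    trimmed = [v.replace("uid1:pwd1,", "") for v in CONFIG]
    for cfg in (CONFIG, trimmed):
        print(decide(cfg, "http", "www.google.com", "10.1.2.3", "uid1", "pwd1"))
```

With uid1 removed from the www.google.com entry, the request is still matched to that entry and fails there, which is the behaviour the question describes.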
