User based access authorization on proxy server

User based access authorization on proxy server

Post by Jochen Wiedma » Tue, 09 Jan 1996 04:00:00



Hello,

one of our clients would like to have a www proxy for its employees with
the following requirements:

    1.) Any employee should have access to the proxy, but with a personal
        password only, perhaps the login password

    2.) If possible, the passwords should be stored in a database and the
        proxy could use this database.

    3.) User based accounting should be possible, so that any employee
        would pay a fee based on the number of his accesses.

I know, that the CERN httpd fulfills the first requirement. It cannot
do 2.) and 3.), however. Implementing 2.) would probably be an easy
task, but 3.) is still left.

Any suggestions?

Thanks in advance,

Jochen

 
 
 

User based access authorization on proxy server

Post by Torsten Knoefe » Thu, 11 Jan 1996 04:00:00


Hi we have a system up and running which does exactly what you want.

Feel free to contact me

Torsten Knoefel

Bertelsmann Telemedia

 
 
 

1. Problems trying to restrict access or require authorization for Apache PassProxy proxy server usage

I am attempting to use Apache 1.3.3 on UnixWare 7 as a non-caching proxy
server and would like to restrict access or require authorization for
requests to this proxy. Access is to be granted to users from subnet
192.168.0. Users from outside this subnet are to be prompted for a user name
and password which will be checked against a file of valid users and
passwords.

I configured Apache with

./configure --prefix=/usr/local/apache --enable-module=proxy

Following are the relevant portions of my httpd.conf file:

ProxyRequests On
Listen 9100
<VirtualHost 192.168.0.12:9100>
ServerName www.foobar.org
<Directory proxy:*>
AuthName "foobar"
AuthType Basic
AuthUserFile /usr/local/apache/etc/PASSWD
order deny,allow
deny from all
allow from 192.168.0
require valid-user
Satisfy any
</Directory>
ProxyPass / http://www.encyclopedia.com/
ProxyPassReverse / http://www.encyclopedia.com/
</VirtualHost>

If I turn off the authorization checks, the proxy is working fine.  If I
turn on the authorization checks, I can connect fine from the 192.168.0
subnet. But if if I connect from outside the 192.168.0 subnet, I receive no
prompt for username and password but receive the following message in the
browser :

HTTP/1.0 407 Proxy Authentication Required
Date: Fri, 15 Jan 1999 08:34:58 GMT
Server: Apache/1.3.3 (Unix)
Proxy-Authenticate: Basic realm="foobar"
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>407 Proxy Authentication Required</TITLE>
</HEAD><BODY>
<H1>Proxy Authentication Required</H1>
This server could not verify that you
are authorized to access the document you
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.<P>
<HR>
<ADDRESS>Apache/1.3.3 Server at www.foobar.org Port 9100</ADDRESS>
</BODY></HTML>

The results are the same with either the Netscape 4.5 or IE 4.0 browser.

Does anyone have suggestions on how to achieve the desired results?

Thanks for your help!
-Mark Schwenk

2. Lan printer

3. Apache vs. CERN httpd in user-based access to proxy - help!

4. SC 5.0 compiler

5. Proxy-Server with USER-based authentication?

6. Add Date To File Name

7. Apache 1.3b6 Proxy: Remote Proxy Authorization

8. upgrade to 2.9 and softupdates

9. User Access Authorization and NIS

10. Proxy authorisation over LDAP server

11. Server Side Includes with User Authorization (NCSA AuthUserFile)

12. Can proxy on linux be user based and not IP?

13. Using an outside proxy server form behind a proxy server