[ previous ] [ next ] [ threads ]
 
 From:  Russell Ashdown <russell at ashdown dot net dot au>
 To:  Jonathan De Graeve <Jonathan dot De dot Graeve at imelda dot be>, m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall-dev] Captive Portal and HTTP Proxy
 Date:  Fri, 02 Dec 2005 21:14:39 +1000
On Fri, 2005-12-02 at 11:11 +0100, Jonathan De Graeve wrote:
> We are not working with cookies in here.
>  
> The only thing todo this is to use the 'HTTP_X_FORWARDED_FOR' http
> header as the clientip
> And not all proxies sent this field. If you have a proxy you should
> enable it to sent this header.

I have it enabled in Squid (just checked the squid.conf) with the same
result as before.  I would prefer to not have this option enabled as it
will potentially expose the internal IP addressing schema to the
Internet.
>  
> I will work on a captive portal enhancement for this if its really
> necessary.

Thanks
>  
> Can't you just put the http proxy AFTER the m0n0wall box instead of
> before? And even then you can enable authentication on the proxy
> resulting in no need for a captive portal.

No. Putting the proxy after m0n0wall will expose the proxy to the
Internet (you knew that didn't you?)  I could install two m0n0wall
boxes.  One as the firewall, the other as the Captive Portal with the
Proxy in the middle.  Bit silly really.  Much better to use an optional
cookie.
>