________________________________

Van: Russell Ashdown [mailto:russell at ashdown dot net dot au]
Verzonden: vr 2/12/2005 12:14
Aan: Jonathan De Graeve; m0n0wall dash dev at lists dot m0n0 dot ch
Onderwerp: RE: [m0n0wall-dev] Captive Portal and HTTP Proxy



On Fri, 2005-12-02 at 11:11 +0100, Jonathan De Graeve wrote:
> We are not working with cookies in here.
> 
> The only thing todo this is to use the 'HTTP_X_FORWARDED_FOR' http
> header as the clientip
> And not all proxies sent this field. If you have a proxy you should
> enable it to sent this header.
>
>I have it enabled in Squid (just checked the squid.conf) with the same
>result as before.  I would prefer to not have this option enabled as it
>will potentially expose the internal IP addressing schema to the
>Internet.

The option isn't there yet, I was saying this as a programmers posibility
> 
> I will work on a captive portal enhancement for this if its really
> necessary.
>Thanks

How would you do it with cookies??? It would make the captive portal more complex without a need for
it.
> 
> Can't you just put the http proxy AFTER the m0n0wall box instead of
> before? And even then you can enable authentication on the proxy
> resulting in no need for a captive portal.

>No. Putting the proxy after m0n0wall will expose the proxy to the
>Internet (you knew that didn't you?)  I could install two m0n0wall
>boxes.  One as the firewall, the other as the Captive Portal with the
>Proxy in the middle.  Bit silly really.  Much better to use an optional
>cookie.
>

This is how I do it.

But networks could differ...

If you really want authentication then do it on your proxy. Squid is very good in it. IMHO you don't
need the captive portal...

J.