Van: Russell Ashdown [mailto:russell at ashdown dot net dot au]
Verzonden: vr 2/12/2005 12:14
Aan: Jonathan De Graeve; m0n0wall dash dev at lists dot m0n0 dot ch
Onderwerp: RE: [m0n0wall-dev] Captive Portal and HTTP Proxy
On Fri, 2005-12-02 at 11:11 +0100, Jonathan De Graeve wrote:
> We are not working with cookies in here.
> The only thing todo this is to use the 'HTTP_X_FORWARDED_FOR' http
> header as the clientip
> And not all proxies sent this field. If you have a proxy you should
> enable it to sent this header.
>I have it enabled in Squid (just checked the squid.conf) with the same
>result as before. I would prefer to not have this option enabled as it
>will potentially expose the internal IP addressing schema to the
The option isn't there yet, I was saying this as a programmers posibility
> I will work on a captive portal enhancement for this if its really
How would you do it with cookies??? It would make the captive portal more complex without a need for
> Can't you just put the http proxy AFTER the m0n0wall box instead of
> before? And even then you can enable authentication on the proxy
> resulting in no need for a captive portal.
>No. Putting the proxy after m0n0wall will expose the proxy to the
>Internet (you knew that didn't you?) I could install two m0n0wall
>boxes. One as the firewall, the other as the Captive Portal with the
>Proxy in the middle. Bit silly really. Much better to use an optional
This is how I do it.
But networks could differ...
If you really want authentication then do it on your proxy. Squid is very good in it. IMHO you don't
need the captive portal...