Squid - [squid-users] squid and firefox

Author

[squid-users] squid and firefox

Prashant Kumar

2004-04-29, 6:54 pm

Hi Peeps,

I've a problem here. Don't laugh at me, I'm only doing what my customers
want. I know this is not a squid issue at all and this should go to
firefox forum but if you guys have some tips I'll be grateful

I've five mozilla firefox browsers installed on linux. Each browser is
allowed out via squid proxy which authenticates using an external auth.
A usr/passwd is given to the client and it expires after 30 min. I have
all the controls in squid i.e when the user is logging in, when to kick
them out etc etc. Authentication mechanism is basic and a dialog pops
up on the browser after 30 min expiry.

Now I want the browser to display a timer. How do I do it please? Since
this timer has to synchronise with a successful login.. I guess I'll
have to hack firefox code.

Second thing is if a user has forgotten to log out of a say yahoo or
hotmail account, I don't want the next customer to read the previous
customers emails etc.

Any ideas welcome.

Henrik Nordstrom

2004-04-29, 6:54 pm

On 24 Apr 2004, Prashant Kumar wrote:

> Now I want the browser to display a timer. How do I do it please? Since
> this timer has to synchronise with a successful login.. I guess I'll
> have to hack firefox code.

Or you could use a "start of session" page (see earlier thread) and have
this open a small popup window showing the timer. The timer as such can
easily be syncronised with your backend keeping track of when the login
expires..

> Second thing is if a user has forgotten to log out of a say yahoo or
> hotmail account, I don't want the next customer to read the previous
> customers emails etc.

Make sure the browser is fully restarted between customers, and that the
cookie, history, urlbar and browser cache is cleared. Any of these may
contain sensitive information which you (or your customers) do not want to
be leaked between customers.

This is mostly a logistics question. How to detect that one person leaves
and another comes to the same station.

Regards
Henrik

Chris Wilcox

2004-04-29, 6:54 pm

>I've a problem here. Don't laugh at me, I'm only doing what my customers
>want. I know this is not a squid issue at all and this should go to
>firefox forum but if you guys have some tips I'll be grateful
>
>I've five mozilla firefox browsers installed on linux. Each browser is
>allowed out via squid proxy which authenticates using an external auth.
>A usr/passwd is given to the client and it expires after 30 min. I have
>all the controls in squid i.e when the user is logging in, when to kick
>them out etc etc. Authentication mechanism is basic and a dialog pops
>up on the browser after 30 min expiry.
>
>Now I want the browser to display a timer. How do I do it please? Since
>this timer has to synchronise with a successful login.. I guess I'll
>have to hack firefox code.
>
>Second thing is if a user has forgotten to log out of a say yahoo or
>hotmail account, I don't want the next customer to read the previous
>customers emails etc.

Since it's on Linux, couldn't you simply remove the ability to run Firefox
from icons etc, and then create script that maybe runs Firefox, then after
30 mins closes it again? Any user would simply run a shortcut to the script
from maybe the desktop, and then you'd be sure that after 30 mins Firefox
would close again? May not quite be as simple as I think but I'm pretty
sure it would work?

If you set Firefox not to keep history, cookies etc when closed then I see
no problems with previous users settings being found by others?

Can't comment on the timer, though it is possible that something may already
exist that is purely a 'timer app' in Linux. You could maybe call this to
run at the same time as you start Firefox, and then the user can check this
app at any time? The script would then close this app when it closes
Firefox ?

hth

Regards,

Chris

________________________________________
_________________________
Stay in touch with absent friends - get MSN Messenger
http://www.msn.co.uk/messenger

Prashant Kumar

2004-04-29, 6:54 pm

Thanks for your reply Henrik.

Problem is I've disabled popups completely. The other thing about cache
and stuff .. I've disabled caching now.

That's exactly I was worried about - tying browser closely to the squid.
Maybe I should try a timer which queries a mysql database (one used by
my squid ext auth) and display one on the client.

On Sat, 2004-04-24 at 15:01, Henrik Nordstrom wrote:
> On 24 Apr 2004, Prashant Kumar wrote:
>
>
> Or you could use a "start of session" page (see earlier thread) and have
> this open a small popup window showing the timer. The timer as such can
> easily be syncronised with your backend keeping track of when the login
> expires..
>
>
> Make sure the browser is fully restarted between customers, and that the
> cookie, history, urlbar and browser cache is cleared. Any of these may
> contain sensitive information which you (or your customers) do not want to
> be leaked between customers.
>
> This is mostly a logistics question. How to detect that one person leaves
> and another comes to the same station.
>
> Regards
> Henrik

Prashant Kumar

2004-04-29, 6:54 pm

Thanks for your reply Chris.

Th problem is expiry time could be anyhthing set in my dbm or mysql
database (which my ext auth PERL script looks at). I'm after the event
when proxy kicks a user out on the browse i.e a successful login and
kickout.

Browser could be left open by users after the proxy has kicked them out.
I guess this is an operational issue as Henrik said.

On Sat, 2004-04-24 at 15:56, Chris Wilcox wrote:
>
> Since it's on Linux, couldn't you simply remove the ability to run Firefox
> from icons etc, and then create script that maybe runs Firefox, then after
> 30 mins closes it again? Any user would simply run a shortcut to the script
> from maybe the desktop, and then you'd be sure that after 30 mins Firefox
> would close again? May not quite be as simple as I think but I'm pretty
> sure it would work?
>
> If you set Firefox not to keep history, cookies etc when closed then I see
> no problems with previous users settings being found by others?
>
> Can't comment on the timer, though it is possible that something may already
> exist that is purely a 'timer app' in Linux. You could maybe call this to
> run at the same time as you start Firefox, and then the user can check this
> app at any time? The script would then close this app when it closes
> Firefox ?
>
> hth
>
> Regards,
>
> Chris
>
> ________________________________________
_________________________
> Stay in touch with absent friends - get MSN Messenger
> http://www.msn.co.uk/messenger

Henrik Nordstrom

2004-04-29, 6:54 pm

On 24 Apr 2004, Prashant Kumar wrote:

> Browser could be left open by users after the proxy has kicked them out.
> I guess this is an operational issue as Henrik said.

You have control over the client stations, right? If so then there is no
problem to have the proxy kill the browser on the client station when the
account has expired.

But you still have the slight problem of a user leaving the station before
his time is up.

Regards
Henrik

David Brodbeck

2004-04-29, 6:54 pm

> -----Original Message-----
> From: Prashant Kumar [mailto:prashk@staff.btltd.net]
> Sent: Saturday, April 24, 2004 2:55 PM
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] squid and firefox

> Problem is I've disabled popups completely. The other thing
> about cache
> and stuff .. I've disabled caching now.

Firefox's popup blocker has an exception list. You could add your local
site to the list of exceptions.

Henrik Nordstrom

2004-04-29, 6:55 pm

On 28 Apr 2004, Prashant Kumar wrote:

> But as a temporary fix I would kill the browser from the server doing an
> ssh or something. Can you tell me how many times an ext acl is called by
> squid

Once per ttl and unique query to the helper.

See the external_acl_type directive for the ttl definition of external
acls.

Regards
Henrik