I use OPNsense as a proxy server.
I want only allowed users to be able to connect to the Internet via the proxy (on every PC in the network), so I use a local database user to authenticate the connection.
I have already:
- Created a User
- Created a Group for the User
- Gave this Group the "User Proxy: Login" System Privileges
- Enabled Proxy at Services>Web Proxy>Administration>General Proxy Settings>Enable proxy[✓]
- Enabled Authentication at Services>Web Proxy>Administration>Forward Proxy>Authentication Settings> Authentication method = Local Database
Here is the problem: if I authenticate to the proxy this way, there is only an option to activate a TTL, like one hour etc.
But I want that if I cut the connection between PC and proxy, for example after a reboot of my PC or after changing the proxy settings on it, I have to authenticate the local database user again.
I hope it is understandable what I am trying to say.
Is there a way to make a user who is disconnected from the proxy authenticate again, without waiting 1 hour?
If possible without a Radius Server.
Thanks
HTTP is a stateless protocol. Your proxy server will not recognize whether the user is rebooting their device and no requests are coming, or whether they are just idle, away from the PC, or doing something else that does not generate web traffic.
Quote: If a user is authenticated at the proxy you cannot "log out" and re-authenticate. The user usually has to close and re-open the browser windows to be able to re-login at the proxy.
See here:
https://wiki.squid-cache.org/Features/Authentication#Does_Squid_cache_authentication_lookups.3F
Since a reboot is like closing the browser, if you changed the credential caching to nothing, then it must be your browser that caches credentials between sessions/reboots.
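
The behaviour described in this thread, as an added example that is not part of the original posts and is not Squid or OPNsense code: a toy model of Basic proxy authentication in which the proxy's TTL only controls how often the user database is re-checked, while password prompts depend on whether the browser still holds the credentials. The names `Proxy`, `Browser` and `simulate`, and the user `alice`, are hypothetical.

```python
import base64
USERS = {"alice": "s3cret"}  # constructed local database entry

def basic(user, pw):
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()

class Proxy:
    """Toy forward proxy: Basic auth plus a credentials TTL cache."""
    def __init__(self, ttl):
        self.ttl, self.cache, self.backend_lookups = ttl, {}, 0

    def handle(self, headers, now):
        cred = headers.get("Proxy-Authorization")
        if cred is None:
            return 407                      # no credentials sent: challenge
        if self.cache.get(cred, 0) > now:
            return 200                      # still trusted, backend not asked
        self.backend_lookups += 1           # TTL expired: re-check user database
        user, _, pw = base64.b64decode(cred[6:]).decode().partition(":")
        if USERS.get(user) != pw:
            return 407
        self.cache[cred] = now + self.ttl
        return 200

class Browser:
    """Keeps proxy credentials in memory and resends them on every request."""
    def __init__(self, proxy):
        self.proxy, self.cred, self.prompts = proxy, None, 0

    def get(self, now):
        headers = {"Proxy-Authorization": self.cred} if self.cred else {}
        if self.proxy.handle(headers, now) == 407:
            self.prompts += 1               # user has to type the password
            self.cred = basic("alice", "s3cret")
            return self.proxy.handle({"Proxy-Authorization": self.cred}, now)
        return 200

def simulate(ttl, persists):
    """Two requests, a restart, one request, then one after the TTL has passed."""
    proxy = Proxy(ttl)
    browser = Browser(proxy)
    browser.get(0); browser.get(10)
    if not persists:
        browser.cred = None                 # restart wipes in-memory credentials
    browser.get(20); browser.get(ttl + 100)
    return browser.prompts, proxy.backend_lookups

if __name__ == "__main__":
    for ttl, persists in [(3600, False), (3600, True), (0, False), (0, True)]:
        print(ttl, persists, simulate(ttl, persists))
```

Each result is `(password prompts, database lookups)`: changing the TTL changes only the second number, and only the browser forgetting its credentials changes the first.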