David Rodríguez Fernández wrote:
Hi, I have my own auth_param basic program script to authenticate my squid users. My perl script is working fine. I do an autentication based on login/password and a query to an oracle database. I have a squid server for all mi organization. All the users are browsing the web through this server. The users need an username and password to access Internet and a valid record on the oracle database. I have a vpn users who connect with the organization net over gprs/3g mobiles and laptops. All of these users have access to squid, but I don't want that all mobile users to browse the Internet over a mobile connection, only the VIPs ones (we pay for total bytes transferred). The vpn don't know nothing about limit user access based on login username, so I need to limit this on squid config. All the mobile connection comes to squid from a separate IP network, so I can decide if a user have access to squid based in IP source/login/password. There's some configuration that I can have 2 separate auth_param basic program scripts based on source IP? I can change the behavior of data entry? from: login password to: IP login password There's another more simple solution?
acl norm_auth proxy_auth REQUIRED acl moble_auth proxy_auth bob jane me acl moble src 10.10.10.5/32 acl mynet src 10.10.10.0/24 # Deny access to traffic sourced from 10.10.5 unless it's bob, jane or me http_access deny !moble_auth moble ...other http_access rules go here... http_access deny all Chris
