Hi,
I wish to authenticate (NTLM) our users only once per working day:
authenticate_ip_shortcircuit_ttl 8 hours
When the user browses for the first time, he will be authenticated and his
IP will be cached so that, for the next 8 hours, Squid believes that
requests coming from this IP belong to that user. Now comes the tricky part:
if that user logs off and somebody else logs in before those 8 hours expire,
Squid would mistakenly associate the same IP with the previous identity. As
our IE browsers are pre-configured with a standard home page, and the new
user couldn't avoid opening it before being able to go elsewhere, I tried
enforcing (re)authentication for the home page:
acl HOME_PAGE url_regex -i homepage.intranet
authenticate_ip_shortcircuit_access deny HOME_PAGE
It didn't work.
Does authenticate_ip_shortcircuit_access accept only IP acl's ?
