Does nobody have a tip for me ?! I have tried diferent combinations of the http_access rules over the weekend with no success. All users that have access with th eir SRC-address are able ot use every tcp_outgoing_address but they should be only alloewd to use their specific configured one's. Thanks. 2010/11/18 abuhle <abuhle132@xxxxxxxxxxxxxx>: > Hello Squid-Community, > > I have a Squid 2.7 installed and would like to achieve that a user is > only allowed to go out over their specified tcp_outgoing_address. > The configurations is working almost perfect, but it seems I have a > small failure in it. > > Problem: As long as a customer has access to the proxy (defined with > SRC-ACL) he can set ANY defined tcp_outgoing_address besides of the > specified one's. > The tcp_outgoing_address used by the proxy (in the case a user set an > other tcp_outgoing_address then he has assigned) is always the last > configured tcp_outgoing_address in the con file. > > Solution: A user should be not able to (guess and) use other > tcp_outgoing_addresses then the one's configured for him. > > Example: In the config below the user SMTM has the addresses > 109.123.109.8, 109.123.109.9 and 109.123.109.10 assigned BUT he has > also access when he use 109.123.109.11. > In that case the tcp_outgoing_address used by the proxy is always the > last created tcp_outoing_address entry (in that example > 109.123.93.201) > > Here is the config part: > ----------------------------------------------------------- > acl dk src 3.3.3.3 > acl smtm src 3.3.3.4 > > acl dkip1 myip 109.123.109.11 > acl dkip2 myip 109.123.109.12 > acl dkip3 myip 109.123.93.201 > > acl smtmip1 myip 109.123.109.8 > acl smtmip2 myip 109.123.109.9 > acl smtmip3 myip 109.123.109.10 > > acl dkmax maxconn 1 > acl smtmmax maxconn 2 > > http_access deny purge > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow admin-allow > http_access deny admin-deny > http_access allow dk > http_access deny dkmax dk > http_access deny dk > > http_access allow smtm > http_access deny smtmmax smtm > http_access deny smtm > > http_access deny all > > tcp_outgoing_address 109.123.109.8 smtmip1 smtm > tcp_outgoing_address 109.123.109.9 smtmip2 smtm > tcp_outgoing_address 109.123.109.10 smtmip3 smtm > > tcp_outgoing_address 109.123.109.11 dkip1 dk > tcp_outgoing_address 109.123.109.12 dkip2 dk > tcp_outgoing_address 109.123.93.201 dkip3 dk > ----------------------------------------------------------------------------------- > > Can anyone tell me what the Problem is ?! > Any suggestions ? > > Thanks&Regards, > Daniel >
