On 31/07/2015 8:55 p.m., Kinkie wrote: > On Thu, Jul 30, 2015 at 11:57 PM, Berkes, David <David.J.Berkes@xxxxxxx> > wrote: > >> >> Just a basic question. I have a 3.5.0.4 forward proxy setup with basic >> authentication for my MDM proxy (iphones). All iphones are set with the >> global proxy and identical user-name/password. They will be on an LTE >> network and will be switching IP's often. The forward proxy >> user-name/password will always be the same from each iphone. I have read >> several things about (max_user_ip, authenticate_ip_ttl) and concerned with >> the setup. I essentially don’t want to limit any number of source >> connections using the same credentials. Please advise of any pitfalls >> and/or settings for many users switching IP's frequent, using the same >> login/passwd. >> >> > Hi, > there's none that I can think of. > Indeed. HTTP authentication has to re-authenticate on every single request - even within a persistent connection. It is naturally independent of IP unless you force them into a relationship. That forcing is what all the max-IP and user-IP external ACL helpers are for. Simply dont use them and you will be fine even if each TCP connection has unique IP addressing. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
