Thanks again. That’s what I was looking to clarify! -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Amos Jeffries Sent: Friday, July 31, 2015 12:32 PM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: forward proxy - many users with one login/passwd. On 31/07/2015 8:55 p.m., Kinkie wrote: > On Thu, Jul 30, 2015 at 11:57 PM, Berkes, David > <David.J.Berkes@xxxxxxx> > wrote: > >> >> Just a basic question. I have a 3.5.0.4 forward proxy setup with >> basic authentication for my MDM proxy (iphones). All iphones are set >> with the global proxy and identical user-name/password. They will be >> on an LTE network and will be switching IP's often. The forward >> proxy user-name/password will always be the same from each iphone. I >> have read several things about (max_user_ip, authenticate_ip_ttl) and >> concerned with the setup. I essentially don’t want to limit any number of source >> connections using the same credentials. Please advise of any pitfalls >> and/or settings for many users switching IP's frequent, using the >> same login/passwd. >> >> > Hi, > there's none that I can think of. > Indeed. HTTP authentication has to re-authenticate on every single request - even within a persistent connection. It is naturally independent of IP unless you force them into a relationship. That forcing is what all the max-IP and user-IP external ACL helpers are for. Simply dont use them and you will be fine even if each TCP connection has unique IP addressing. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users ________________________________ Piper Jaffray & Co. Since 1895. Member SIPC and NYSE. Learn more at www.piperjaffray.com. Piper Jaffray corporate headquarters is located at 800 Nicollet Mall, Minneapolis, MN 55402. Piper Jaffray outgoing and incoming e-mail is electronically archived and recorded and is subject to review, monitoring and/or disclosure to someone other than the recipient. This e-mail may be considered an advertisement or solicitation for purposes of regulation of commercial electronic mail messages. If you do not wish to receive commercial e-mail communications from Piper Jaffray, go to: www.piperjaffray.com/do_not_email to review the details and submit your request to be added to the Piper Jaffray "Do Not E-mail Registry." For additional disclosure information see www.piperjaffray.com/disclosures _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
