On 14/01/2016 5:35 a.m., Christian Kunkel wrote: > Hey guys, > > i need a way to autheticate or authorize users to my squid server so > i can create some kind of a session and drop users after x hours they > have been using my proxy. important thing would be to create only one > session per user. i do not have access to users network. they are > connecting from the internet and they also have nated ips. i thought > about the classic way with http headers but i run into problems with > some devices. so thats useless for me. to use the ip adress is also > not possible because it would authorize a lot of ppl at once if they > are behind a nat. thats not what i want. i only can add a proxy > adress and a port to the devices which are connecting. right now i am > using a unique port for every user. then redirect the port to a > splash screen with a login form. when login is is successfull it > triggers an iptables-script which redirects that port to squid. but > that means every one can actually use that port after someone > successfully logged in. Then your iptables script is redirecting wrong. It should only add rules to redirect a specific src-IP / dst-port pair. > > i am using squid 3.5.13 on debian 8. > > some hints would be awesome. thanks in advance guys :) > Use the ext_session_acl helper or ext_session_sql_acl helper with "user" login as the session key / helper format. If you were using HTTP authentication the key would be %LOGIN. Since you are not it will be whatever you are using to identify the "user" within Squid. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
