On 14/01/2016 6:50 a.m., Christian Kunkel wrote: > hey amos, > > maybe my english is too bad or maybe i am just not getting it. i can > not use any kind of ip as authentication or authorization. first of > all because of nat and second would be that the ip of a user changes > regarding his location (mobile network). The only mention I made of IPs was how your iptables rules need to be more restrictive to reduce the abuse that is possible. > > my understanding of ext_session_acl is or was that it uses an ip to > create the session?! so if ip changes the session is dropped (can > happen every 5min or when i am lucky the ip does not change for a > couple of hours). > Both session helpers we provide use the external_acl directives 'format' field as the session key. The basic session helper only accepts one parameter value in the format, the SQL-session helper accepts any number. Online tutorials tend to use %SRC (IP address), our man page actually uses %LOGIN (auth username). You will just need to use something else. The helper does not care, its just needing a unique per-session piece of text. If you need more than one token to make up the key use the sql_session helper. It also fits in better with the splash page doing "login", since that splash page script will need to be the part doing session creation in the DB. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
