Hi Amos, thanks for the reply.
But let me ask you another question for clarification.
In the section:
external_acl_type type-name %SRC %LOGIN /path/to/ext_file_userip_acl -f /path/to/config.file
Now I see it has the form:
ip_addr[/netmask] username|@group|ALL|NONE
Say I have 3 users:
user1, user2 and user3
======================
user1 --> 100.160.238.0:17648
user2 --> 100.160.238.1:48049
user3 --> 100.160.238.2:26394
=================
Will the file /path/to/config.file be like below?
100.160.238.0 user1
100.160.238.1 user2
100.160.238.2 user3
Kind regards
On 24/09/2016 6:13 p.m., --Ahmad-- wrote:
Hi folks.
I have many IPs on the same server. I also have the basic_ncsa auth type on Squid.
Say I have 3 IPs and I created 3 users.
The issue I have now is that any user can use any outgoing address.
Let me explain below:
auth_param basic program /lib/squid/basic_ncsa_auth /etc/squid/squid_user
acl ncsa_users proxy_auth REQUIRED
auth_param basic children 100
http_access allow ncsa_users
###############
http_port 100.160.238.0:17648
http_port 100.160.238.1:48049
http_port 100.160.238.2:26394
#############
acl ip1 myip 100.160.238.0
acl ip2 myip 100.160.238.1
acl ip3 myip 100.160.238.2
#############
tcp_outgoing_address 100.160.238.0 ip1
tcp_outgoing_address 100.160.238.1 ip2
tcp_outgoing_address 100.160.238.2 ip3
'myip' matches the Squid IP address.
tcp_outgoing_address is what sets the Squid IP address.

See any problem with using the Squid IP address current value to set the Squid IP address?

Use the myportname ACL instead. In your above config it will match the IP:port string on the http_port line. For example:

 acl ip0 myportname 100.160.238.0:17648
 tcp_outgoing_address 100.160.238.0 ip0

Or you can add a name= parameter to each port to set a custom name for it that the myportname ACL looks for.

########################
I created 3 users:
htpasswd -cdb /etc/squid/squid_user user1 user1
htpasswd -cdb /etc/squid/squid_user user2 user2
htpasswd -cdb /etc/squid/squid_user user3 user3
#################
Now if user1 connects to 100.160.238.0:17648 it will be able to use it; if it connects to 100.160.238.1:48049 it will also be able to, and likewise for 100.160.238.2:26394.
The question is: how can I let user1 only use 100.160.238.0:17648, user2 only use 100.160.238.1:48049 and user3 only use 100.160.238.2:26394?
Use the ext_file_userip_acl helper. The format for entries in the helper config file is listed in the man page:
<http://www.squid-cache.org/Versions/v3/3.5/manuals/ext_file_userip_acl.html>

Replace the line "http_access allow ncsa_users" with the following:

external_acl_type userIp %SRC /usr/bin/ext_file_userip_acl -f /etc/squid/userIP.conf
acl userIp external userIp
http_access deny !ncsa_users
http_access allow userIp

NP: that is all. Do not add userIp check to tcp_outgoing_address lines.

After all the above changes your squid.conf should look something like this:

## ... the default http_access rules at the top ...
##
## Your local custom rules go here:

auth_param basic program /lib/squid/basic_ncsa_auth \
 /etc/squid/squid_user
auth_param basic children 100

external_acl_type userIp %SRC %LOGIN /lib/squid/ext_file_userip_acl \
 -f /etc/squid/userIP.conf

acl ncsa_users proxy_auth REQUIRED
acl userIp external userIp

http_access deny !ncsa_users
http_access allow userIp
http_access deny all

##

http_port 100.160.238.0:17648 name=0
acl ip0 myportname 0
tcp_outgoing_address 100.160.238.0 ip0

http_port 100.160.238.1:48049 name=1
acl ip1 myportname 1
tcp_outgoing_address 100.160.238.1 ip1

http_port 100.160.238.2:26394 name=2
acl ip2 myportname 2
tcp_outgoing_address 100.160.238.2 ip2

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
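
An added example (not from the thread or the Squid project): a small Python model of how a %SRC %LOGIN pair is checked against entries in the ip_addr[/netmask] username|@group|ALL|NONE format, run over the three-line file asked about above. %SRC is the client's source address, so each entry is compared with the address a request arrives from. Assumptions of this model: rules are scanned top-down, a matching ALL or NONE entry decides at once, blank and '#' lines are skipped, and @group entries are not modelled; the sample file and test addresses are constructed.

```python
import ipaddress

# Constructed sample: the three entries asked about in the thread.
SAMPLE_CONF = """\
100.160.238.0 user1
100.160.238.1 user2
100.160.238.2 user3
"""

def parse_rules(text):
    """Parse 'ip_addr[/netmask] username|@group|ALL|NONE' lines into (network, who)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # model assumption: skip blanks/comments
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'ip[/mask] who', got {raw!r}")
        # A bare address becomes a /32; CIDR and dotted netmasks are both accepted.
        net = ipaddress.ip_network(fields[0], strict=False)
        rules.append((net, fields[1]))
    return rules

def is_allowed(rules, src, login):
    """Return True if (client source address, login) is permitted by the rules."""
    addr = ipaddress.ip_address(src)
    for net, who in rules:
        if addr not in net:
            continue
        if who == "ALL":    # any authenticated user from this address
            return True
        if who == "NONE":   # nobody from this address
            return False
        if who.startswith("@"):
            continue        # group lookup needs the system group database; not modelled
        if who == login:
            return True
    return False            # no entry matched: deny

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONF)
    checks = [("100.160.238.0", "user1"),   # client address listed for user1
              ("100.160.238.0", "user2"),   # same address, different login
              ("198.51.100.7", "user1")]    # user1 from an unlisted client address
    for src, login in checks:
        print(src, login, "OK" if is_allowed(rules, src, login) else "ERR")
```

With the sample file, user1 is accepted only when the request's source address is 100.160.238.0; the same login from any other client address is rejected.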