On 7/04/19 4:45 pm, jyliu wrote: > I am trying to use squid and bind 2 outgoing ips separately to 2 users. > > The ideal results will be, I can access the following: > > xxx.xxx.xxx.14:3128:user1:user1password > xxx.xxx.xxx.18:3128:user2:user2password > > But not: > > xxx.xxx.xxx.14:3128:user2:user2password > xxx.xxx.xxx.18:3128:user1:user1password > > I find a similar question on stackoverflow and thus use a similar > squid.conf: > > > acl http proto http > acl port_80 port 80 > acl port_443 port 443 > acl CONNECT method CONNECT > > > auth_param basic program /usr/lib64/squid/basic_ncsa_auth > /etc/squid/passwords > acl ncsa_users proxy_auth REQUIRED > external_acl_type userIp %SRC %LOGIN /usr/lib64/squid/ext_file_userip_acl -f > /etc/squid/userIp.conf > > acl userIp external userIp > > http_access deny !ncsa_users > http_access allow userIp > http_access deny all > > http_port 3128 > acl ip1 myip xxx.xxx.xxx.14 > tcp_outgoing_address xxx.xxx.xxx.14 ip1 > > acl ip2 myip xxx.xxx.xxx.18 > tcp_outgoing_address xxx.xxx.xxx.18 ip2 > > > And in my userIp.conf I have: > > > xxx.xxx.xxx.14 user1 > xxx.xxx.xxx.18 user2 > > > And in my /etc/squid/passwords I have the following created by htpasswd: > > > user1:encrypted password > user2:encrypted password > > The problem is: if I delete* 'http_access deny !ncsa_users'*, then user1 can > access both xxx.xxx.xxx.14 and xxx.xxx.xxx.18. Same with user2. ... because they are no longer required to login to have their requests serviced by the proxy. > > But if I keep* 'http_access deny !ncsa_users'* as it is, then all connection > fails. Fails how? Squid sending back a 401/407 "please give your credentials" response? Squid delivering a 403 forbidden response? Squid not breaking HTTP to cause the IP mapping you wanted to see? Something else? > > I feel *'http_access allow userIp'* doesn't work as it intends to. "feelings" are irrelevant here. These ACL rules are algorithms. They can be calculated and most importantly their calculations can be viewed. Please add "-d" command line option to your squid.conf helper lines to see what the helpers are actually doing. And "debug_options 11,2 28,5" to your squid.conf see what is actually going on. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
