Search squid archive

Re: Squid bind each outgoing ip to a user?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/04/19 5:24 am, jyliu wrote:
> ****UPDATE****
> 
> I find the problem... In UserIp file, if I put user's ip (my own pc's ip for
> example), it works.
> 
> So now my userIp.conf is: (that's my own ip)
> 209.xxx.109.90 test
> 
> And my squid.conf is: (This is the outgoing Ip i want to proxy to)
> http_port 204.188.217.14:3128 name=0
> acl ip1 myportname 0
> tcp_outgoing_address 204.188.217.14 ip1
> 
> This works...
> 
> However, this isn't what I want... I want authenticate the user based on
> their username and password, not base on their own pc's ip address. So



Please note that this is *not* "authentication" by IP address. It is
"authorization" by IP + login.  Specifically the "%SRC %LOGIN" pair.

As noted in my earlier comments to the log trace, the login step
succeeds completely. Only after that the IP+login ACL fails.

In other words: The clients credentials were valid, but not sufficient
to give access privilege to the request.



> ideally, as long as the username and password is correct, one can have 
> 204.188.217.14:3128:test:testpassword
> on any of their own ip address..
> 
> 
> Sorry I think I may mistake the function of 'external_acl_type'?

You have been passing the helper the %SRC format code. That expands to
the client IP address.

See
<http://www.squid-cache.org/Versions/v3/3.4/cfgman/external_acl_type.html>
for the list of codes in Squid-3.4. Any which expand to an IP address
can be used where you currently have %SRC.


You need the %MYADDR format code to give the helper the Squid receiving
IP address.


Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux