On 8/04/19 5:24 am, jyliu wrote:
> ****UPDATE****
>
> I found the problem... In the UserIp file, if I put the user's IP (my own PC's IP for
> example), it works.
>
> So now my userIp.conf is: (that's my own IP)
> 209.xxx.109.90 test
>
> And my squid.conf is: (This is the outgoing IP I want to proxy to)
> http_port 204.188.217.14:3128 name=0
> acl ip1 myportname 0
> tcp_outgoing_address 204.188.217.14 ip1
>
> This works...
>
> However, this isn't what I want... I want to authenticate the user based on
> their username and password, not based on their own PC's IP address. So

Please note that this is *not* "authentication" by IP address. It is
"authorization" by IP + login. Specifically the "%SRC %LOGIN" pair.

As noted in my earlier comments to the log trace, the login step
succeeds completely. Only after that the IP+login ACL fails.

In other words: The client's credentials were valid, but not sufficient
to give access privilege to the request.

> ideally, as long as the username and password is correct, one can have
> 204.188.217.14:3128:test:testpassword
> on any of their own IP addresses..
>
>
> Sorry I think I may mistake the function of 'external_acl_type'?

You have been passing the helper the %SRC format code. That expands to
the client IP address.

See <http://www.squid-cache.org/Versions/v3/3.4/cfgman/external_acl_type.html>
for the list of codes in Squid-3.4. Any which expand to an IP address
can be used where you currently have %SRC.

You need the %MYADDR format code to give the helper the Squid receiving
IP address.

Amos
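The authorization step discussed in this thread, as an added example that is not part of the original messages or of Squid itself: a minimal external ACL helper that authorizes the pair of Squid receiving address (%MYADDR) and login (%LOGIN) against a file laid out like userIp.conf. The helper path, ACL names and the squid.conf wiring in the docstring are assumptions, as are the one-request-per-line protocol without concurrency and the URL-escaped field values.

```python
#!/usr/bin/env python3
"""Hypothetical external_acl_type helper: authorize (%MYADDR, %LOGIN) pairs.

Assumed squid.conf wiring (helper path and ACL names are illustrative):
  external_acl_type ip_user %MYADDR %LOGIN /usr/local/bin/ip_user_helper.py /etc/squid/userIp.conf
  acl ip_user_ok external ip_user
  http_access allow ip_user_ok
"""
import sys
from urllib.parse import unquote


def load_pairs(lines):
    """Parse 'ip username' lines (the userIp.conf layout) into a set of pairs."""
    pairs = set()
    for raw in lines:
        fields = raw.split()
        if len(fields) != 2:
            continue  # skip blank or malformed entries rather than guess
        pairs.add((fields[0], fields[1]))
    return pairs


def decide(request_line, pairs):
    """Return 'OK' or 'ERR' for one request line of the form 'addr login'."""
    fields = request_line.split()
    if len(fields) != 2:
        return "ERR"  # fail closed on anything unexpected
    # Assumption: Squid URL-escapes each field before sending it.
    addr, login = (unquote(f) for f in fields)
    if login == "-":
        return "ERR"  # '-' stands for a missing value, i.e. no login
    return "OK" if (addr, login) in pairs else "ERR"


def main(argv):
    with open(argv[1], encoding="utf-8") as fh:
        pairs = load_pairs(fh)
    for line in sys.stdin:
        # One answer per request; flush so Squid is never left waiting.
        sys.stdout.write(decide(line, pairs) + "\n")
        sys.stdout.flush()
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

With this layout the file lists the Squid listening address next to the user allowed on it (for instance `204.188.217.14 test`), so the decision no longer depends on the client's own IP address.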