Thanks Amos, OK this seems to answer my question. A session helper with ttl=3 should be enough if it will return the username associated by the helper. The next thing is to block traffic if there is no username. Eliezer ---- Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1ltd@xxxxxxxxx Zoom: Coming soon -----Original Message----- From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries Sent: Tuesday, February 9, 2021 5:30 AM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Port or switch level authorization On 8/02/21 10:48 pm, Eliezer Croitoru wrote: > I have a Mikrotik PPPOE server and I would like to register the logged in > user on PPPOE Tunnel creation. > In the mikroitk device I have a code which can run a curl/fetch request with > the login details ie IP and username towards any server. > I was thinking about creating a PHP api that will be allowed access only > from the Mikrotik devices. > On every login the user+IP pairs will be written to a small DB. > Squid in it's turn will use an external helper to run queries against the DB > per request with small cache of 3-10 seconds. Do you mean the ext_session_sql_acl helper? > > What's the best way to pass a username so with the ip it will be logged. > The helper needs to return user= kv-pair to Squid for this to be an "authentication" rather than just authorization. That username will be logged without anything special having to be done. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
