On 11/16/21 11:53 AM, Graminsta wrote:
> Hello friends,
>
> I'm using these user authentication lines in squid.conf based on user’s
> authentication list:
>
> auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/users
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
>
> http_access allow localhost
> acl clientes proxy_auth REQUIRED
> http_access allow clientes
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost manager
> http_access deny manager
> http_access deny all

Please note that you are allowing authenticated clients to send traffic
to unsafe ports. For example, they can CONNECT to non-SSL ports. You may
want to reorder the above rules if that is not what you want.

> #List of outgoings (all IPs are fake)
>
> http_port 181.111.11.111:4000 name=3
> acl ip3 myportname 3
> tcp_outgoing_address 2804:1934:2E1::3D6 ip3
>
> http_port 181.111.11.112:4001 name=4
> acl ip4 myportname 4
> tcp_outgoing_address 2804:1934:3a8::3D7 ip4
>
> The problem is that everyone who is in the users file is allowed to use
> all tcp_outgoing_address.
>
> If a smarter client scans for open IPs and ports, they will be able to find
> these outgoings.
>
> How can I restrict each user to their own tcp_outgoing_address output?

I suspect you are asking the wrong question. A better question is "How
do I restrict each user to their own http_port?". The answer is "Use
http_access to deny authenticated users connected to wrong ports."

However, you should also ask yourself another question: "Why am I using
multiple http_ports if all I care about is who uses which
tcp_outgoing_address?". The listening ports have virtually nothing to do
with tcp_outgoing_address... I suspect you want something like this instead:

    http_port ...
    tcp_outgoing_address ...:3D01 user1
    tcp_outgoing_address ...:3D02 user2
    tcp_outgoing_address ...:3D03 user3
    ...

...where userN is an ACL that matches an authenticated user N.

HTH,

Alex.
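
The two points made in the reply above (port checks before the authenticated allow, and outgoing address selected by user rather than by listening port), put together as an added squid.conf example that was not posted by either participant. The user names alice and bob and the 2001:db8:: documentation addresses are placeholders, and Safe_ports and SSL_ports are assumed to be defined as in the stock squid.conf.

```conf
# Added example, not from the thread. alice/bob and 2001:db8::/32 addresses
# are placeholders; Safe_ports/SSL_ports are assumed to be defined as in
# the default squid.conf.

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/users
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl clientes proxy_auth REQUIRED
# One ACL per authenticated user name (the "userN" ACLs from the reply).
acl user1 proxy_auth alice
acl user2 proxy_auth bob

# http_access is first-match: the port restrictions must come before any
# "allow" that an authenticated client can match, otherwise that client
# never reaches the deny rules.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
# Known users only: anyone in the users file without a mapping below is
# rejected instead of leaving through the default source address.
http_access allow user1
http_access allow user2
http_access deny all

# A single listening port; the outgoing address depends on who
# authenticated, not on which port they connected to.
http_port 181.111.11.111:4000

# tcp_outgoing_address is documented as supporting only fast ACL types.
# The user1/user2 checks here rely on the credentials having already been
# verified by the http_access rules above.
tcp_outgoing_address 2001:db8::3d01 user1
tcp_outgoing_address 2001:db8::3d02 user2
```

Running `squid -k parse` checks the file for syntax errors before reloading.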