Finbarr O'Kane (Sysadmin) wrote:
> This is fine, but what we are hoping to do is to not only restrict by
> requiring a username/password, but to also restrict by the hostname that
> a current user is requesting proxied http from
> user joebloggs , logs onto 'itchy', and sets up his proxies as usual,
> authenticates and everything is fine.
>
> if he then proceeds the log onto 'scratchy' then squid still lets him
> through since he has provided a valid username and password.
Sorry. I do not understand what you are talking about here.
Proxy username & password are cached by the browser, not by Squid. If
the user starts another browser then he has to authenticate again unless
he has provided his username+password to his browser by some other means
than manual authentication.
> If anyone has any suggestions on how to perhaps restrict this on both
> levels then I would be most appreciative.
>
> If moving to squid-2.0 is required, then so be it :)
With Squid 2.0 detailed access restrictions are possible, but it
requires a large amounts of ACL lists.
acl host_scratchy src scratchy
acl host_itchy src itchy
acl user_joebloggs user joebloggs
acl user_finbarr user finbarr
# Allow joebloggs from itchy
http_access allow user_joebloggs host_itchy
# Allow finbarr from scratchy
http_access allow user_finbarr host_scratchy
--- Henrik Nordström Sparetime Squid HackerReceived on Mon Oct 05 1998 - 22:01:15 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:20 MST