Re: Authentication + IP checking

From: Heinz Ahrens <xf01070@dont-contact.us>
Date: Thu, 20 Jan 2000 15:21:18 +0100 (MET)

Hallo,

we use Squid2.3.STABLE1 with this feature in squid.conf:

# With this option you control how long a proxy authentication
# will be bound to a specific IP address. If a request using
# the same user name is received during this time then access
# will be denied and both users are required to reauthenticate
# them selves.

authenticate_ip_ttl 30

With proxy_auth the user can only logon one time. So two peoples can not
surf with the same logon the same time. But the user can use another PC to
surf with his username and password.

Greetings from Germany

   Heinz Ahrens

> Hello to everyone on the list!
>
> I'm having some trouble trying to solve this
> problem... I have got authentication working in Squid
> pretty well (with the proxy_auth ACL stuff). What I am
> desperately trying to do is limit the users to login
> ONLY from their machines (only on their IP adresses).
>
> There are only 10 IP addresses allowed to surf the web
> today, using Squid as the proxy server (the rest of
> the network can't access port 3128; the firewall rules
> block it). What I am trying to do is avoid that EVEN
> people who are allowed to surf the web do it outside
> their PCs. Kinda "lock" the username + password to the
> machine's IP adresses.
>
> For example: today, say, John has a username and
> password. His IP address in our network is 10.1.1.130.
> Mary also has her username and her password and her IP
> address is 10.1.1.131. I don't want her to be able to
> use her username/password in John's machine and
> vice-versa. I know this sounds paranoid and it is ;-)
> but I just receive orders anyway :)
>
> If someone has any helpful trick, I'd be REALLY
> thankful!!
>
> Gustavo Viscaino
> System Administrator
> __________________________________________________
> Do You Yahoo!?
> Talk to your friends online with Yahoo! Messenger.
> http://im.yahoo.com
>

-- 
Sent through Global Message Exchange - http://www.gmx.net
Received on Thu Jan 20 2000 - 07:38:03 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:50:37 MST