Re: [squid-users] [2] Authentication problem

Try 2.4ST1.. http://www.squid-cache.org/Versions/v2/2.4/
authenticate_ip_ttl_is_strict : With this enabled Squid denies requests if a
user appears to change IP addresses within the authenticate_ip_ttl time.

Best regards,
Ilker G.
 

> Kimden: Viacheslav E.Voytovich [mailto:slava@siat.ru]
> Tarih: Monday, May 21, 2001 10:34 AM
> Kime: squid-users@squid-cache.org
> Konu: [squid-users] [2] Authentication problem
>
>
> Hi !
>
> I am using Squid 2.3 STABLE4 and while tuning authentication
> I got such
> problem.
> I have such configuration of auth:
>
> Auth program is ncsa_auth
> authenticate_children 5
> authenticate_ttl 1800
> authenticate_ip_ttl 1800
>
> acl SiatUsers src 192.168.1.0/255.255.255.0 192.168.10.0/255.255.255.0
> 192.168.11.0/255.255.255.0 195.239.171.0/255.255.255.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl Dejur src 192.168.1.7/255.255.255.255
> acl BlackList src 192.168.1.107/255.255.255.255
> 195.239.171.18/255.255.255.255
> acl all src 0.0.0.0/0.0.0.0
> acl Password proxy_auth REQUIRED
>
> acl Downloading urlpath_regex -i -nocase "/path/to/file/files.deny"
> acl SexSites url_regex -i -nocase "/path/to/file/sites.deny"
>
> acl manager proto cache_object
> acl HTTPProtocol proto HTTP
>
> acl DejurTime0 time 00:00-09:00
> acl DejurTime1 time 18:30-23:59
> acl DejurTime2 time SA
>
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl CONNECT method CONNECT
>
> http_access deny Downloading
> http_access deny SexSites
> http_access deny BlackList
> http_access deny !Password
> http_access deny Dejur DejurTime0
> http_access deny Dejur DejurTime1
> http_access deny Dejur DejurTime2
> http_access allow SiatUsers HTTPProtocol
> http_access deny SiatUsers !HTTPProtocol
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny all
>
> There is a such problem.
> I send requests from PC with IP, for example, 192.168.1.10 and
> 192.168.1.11 and authenticate myself with same user/pass at both PCs.
> All requests are sent in authenticate_ttl window.
> If I send first request from 192.168.1.10 proxy pass one through. But
> now all requests from 192.168.1.10 pass through without any auth
> questions from proxy, and proxy require authenticate requests from
> 192.168.1.11 for user/pass. Besides proxy requires authentication only
> after any requests to be sent from 192.168.1.10.
>
> In documentation about authenticate_ip_ttl:
> "With this option you control how long a proxy authentication will be
> bound to a specific IP address. If a request using the same
> user name is
> received during this time then access will be denied and both
> users are
> required to reauthenticate themselves."
>
> Why does squid require the authentication for 192.168.1.11 and don't
> require for 192.168.1.10 when I use same user name at both these PCs.
>
> I want to reauthenticate user when user send the requests
> from other PC
> then before.
>
> Where is the problem?
>
> With best regards
> Viacheslav Voytovich
>

Bu e-postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece adres
sahib(ler)ine ait olup, Sumerbank A.S hic bir sekilde sorumlu tutulamaz.
The information contained in this E-Mail and any files transmitted with it
are intended solely for the use of the individual or entity to whom they are
addressed and do not reflect those of Sumerbank A.S.
Received on Mon May 21 2001 - 06:40:13 MDT