You cant. At least not without patching Squid to send this information.
There is two different approaches:
a) The general view of the Squid developers is that IP based access
controls should be separate from login management. To address the need
of being able to call external helpers for additional access controls
the external_acl extension <http://devel.squid-cache.org/external_acl>
has been developed.
b) There is also an extension to the basic authentication helper
interface that includes the client IP. See the authinfo Squid branch
<http://devel.squid-cache.org/projects.html#authinfo>. Please note
however that with this approach the IP is only checked on the initial
request. Active users may use any IP until their credentials expires
from the Squid auth cache.
There is also an older authentication extension somewhere simlar to "b",
but I cannot find it now.
Regards
Henrik Nordström
Squid Hacker
hgreen wrote:
>
> hi All,
> I have read the FAQs , User Guides,And Program Guides.
> From the flowing, I know the Squid transfer the "<username> <password>" to the external authentication program. My question is: How can I make the external authentication program to get the "client Source IP Address".
>
> regards
> thanks to All.
>
> hgreen
>
> ----------------------------------------
> 16.2 Authentication Module Interface
> Basic Authentication Modules
>
> Basic authentication provides a username and password. These are written to the authentication module processes on a single line, separated by a space:
>
> <USERNAME> <PASSWORD>
>
> The authentication module process reads username, password pairs on stdin and returns either ``OK'' or ``ERR'' on stdout for each input line.
>
> ------------------------
> I Love This World!
> ------------------------
Received on Tue Oct 16 2001 - 15:22:36 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:47 MST