On Thu, 5 Feb 2004, Szemerédy Gábor wrote:
> the MAC address for the workstation matches and the IP address for the
> workstation matches and the login name and password are valid (coming
> from the same workstation)?

Yes, set up http_access rules and ACLs only allowing him access if all
three match, deny them if not.

acl user1_MAC arp xx:xx:xx:xx:xx:xx
acl user1_IP src xx.xx.xx.xx
acl user1_LOGIN proxy_auth login_of_user1
http_access allow user1_LOGIN user1_IP user1_MAC
http_access deny user1_LOGIN
http_access deny user1_IP
http_access deny user1_MAC

[repeat for each user/station with this restriction]

A more efficient approach would be to extend the external acl concept with
a tag for the MAC address, allowing a helper like the ip_user helper to
verify that the triple is correct.

Regards
enrik
Received on Thu Feb 05 2004 - 06:30:12 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:02 MST
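
The helper approach mentioned at the end of the reply, as an added example that is not part of the original post and is not Squid's or the ip_user helper's code. It assumes Squid passes one request per line as three space-separated fields "login ip mac" (the MAC field being the hypothetical extension the reply describes) and expects OK or ERR back; the table entries and function names are constructed for illustration.

```python
"""External ACL helper that checks a (login, IP, MAC) triple.

Assumption: each request line is "login ip mac"; the MAC field is the
hypothetical extension from the post. One OK/ERR answer per line.
"""
import ipaddress
import sys
from urllib.parse import unquote

# Constructed sample table: login -> (IP, MAC). Values are placeholders.
ALLOWED = {
    "user1": ("192.0.2.10", "00:11:22:33:44:55"),
    "user2": ("192.0.2.11", "66:77:88:99:aa:bb"),
}


def norm_mac(mac):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        return None
    return digits


def check_triple(line, table=ALLOWED):
    """Return "OK" only if login, source IP and MAC all match one entry."""
    fields = line.split()
    if len(fields) != 3:
        return "ERR"
    login, ip, mac = unquote(fields[0]), fields[1], norm_mac(fields[2])
    entry = table.get(login)
    if entry is None or mac is None:
        return "ERR"
    try:
        same_ip = ipaddress.ip_address(ip) == ipaddress.ip_address(entry[0])
    except ValueError:
        return "ERR"
    return "OK" if same_ip and mac == norm_mac(entry[1]) else "ERR"


def main():
    # One answer per request line, flushed so Squid is not left waiting.
    for line in sys.stdin:
        print(check_triple(line), flush=True)


if __name__ == "__main__":
    main()
```

With a helper like this, a single table lookup replaces the per-user block of acl and http_access lines.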