Re: [squid-users] IP and MAC and login/password

From: Henrik Nordstrom <>
Date: Thu, 5 Feb 2004 14:30:02 +0100 (CET)

On Thu, 5 Feb 2004, Szemerédy Gábor wrote:

> the MAC address for the workstation matches and the IP address for the
> workstation matches and the login name and password are valid (coming
> from the same workstation)?

Yes, set up http_access rules and ACLs only allowing him access if all
three matches, deny them if not.

acl user1_MAC arp xx:xx:xx:xx:xx:xx
acl user1_IP src xx.xx.xx.xx
acl user1_LOGIN proxy_auth login_of_user1
http_access allow user1_LOGIN user1_IP user1_MAC
http_access deny user1_LOGIN
http_access deny user1_IP
http_access deny user1_MAC

[repeat for each user/station with this restriction]

A more efficient approach would be to extend the external acl concept with
a tag for the MAC address, allowing a helper like the ip_user helper to
verify that the triple is correct.

Received on Thu Feb 05 2004 - 06:30:12 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:02 MST