Re: [squid-users] Logon to specific machine

From: Leonardo Rodrigues Magalhães <leolistas@dont-contact.us>
Date: Thu, 30 Aug 2007 00:40:27 -0300

Noel Manansala escreveu:
> Hi,
>
> I am using Squid 3.0 on a Fedora 5. Authentication is thru ncsa_auth.
> My question is, is there a way to limit the users to access the
> internet only in some specified machine. The control will be based on
> the login account. Example, user squid_user can only access the
> internet if he uses IP address 192.168.20.10.
>
> Is this possible?
>
>

    Yes, completly possible. If we're talking about few users and you
dont care of creating ACLs for each one of them, you can easily do:

acl ip_john src 192.168.20.10
acl user_john proxy_auth -i john

http_access allow ip_john user_john
http_access deny user_john

and repeating this several times, just adjusting username and IP address.

    If we're talking of several users, maybe using the ip_user external
helper would be a smarter idea. Look the README of this helper:

http://fresh.t-systems-sfr.com/unix/src/www/squid-3.0.PRE6.tar.gz:a/squid-3.0.PRE6/helpers/external_acl/ip_user/README

    If you're using squid from a prebuild package (RPM, deb, etc),
please check the presence of ip_user helper. If it's available from your
package it should be easy to use it. If it's not available, probably
we'll need some tweaking and rebuilting the package. If you're compiling
squid, it should be even easier recompiling it adding the new helper.

-- 
	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br
	Minha armadilha de SPAM, NÃO mandem email
	gertrudes@solutti.com.br
	My SPAMTRAP, do not email it

Received on Wed Aug 29 2007 - 21:40:47 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:03 MDT