Re: [squid-users] 24h trusted IP

From: Will Roberts <ironwill42_at_gmail.com>
Date: Wed, 10 Aug 2011 17:31:42 -0400

On Wed, Aug 10, 2011 at 12:56 PM, alexus <alexus_at_gmail.com> wrote:
> 2) add ip for 24h to a trusted list, so it will not prompt for
> userid/password until 24h is expired
>

Add an external_acl_helper that checks against a list of trusted IPs.
It's up to you to maintain that list, but that shouldn't be hard. I
don't have the 24 hour constraint, but needed to allow certain IPs to
not require user/pass, so here's my helper:

#!/bin/bash

while true
do
 read LINE
 RESULT=`sed -n s/"$LINE "//p /etc/squid3/auth.ips`
 if [ -z "$RESULT" ]; then
   echo ERR 2> /dev/null
 else
   echo OK user=$RESULT 2> /dev/null
 fi

 if [ $? -ne 0 ]; then
   exit 1;
 fi
done

The auth.ips file looks like:

1.2.3.4 user1
1.2.3.5 user2

Then in squid.conf I have this to define the helper:

external_acl_type ipauth children=1 %SRC /etc/squid3/ip_auth.sh
acl ip-auth external ipauth

Then you allow access using ip-auth before your current acl that prompts.

--Will
Received on Wed Aug 10 2011 - 21:31:49 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 11 2011 - 12:00:01 MDT