On 15/09/2013 7:54 a.m., Ralph LoBianco wrote:
> Hi, Right now I have squid setup with Multiple IPS and its working fine like
> this.
>
> acl ip1 myip 192.168.1.101
> acl ip2 myip 192.168.1.102
> acl ip3 myip 192.168.1.103
> acl ip4 myip 192.168.1.104
> acl ip5 myip 192.168.1.105
> acl ip6 myip 192.168.1.106
Note that "myip" does not work reliably. It has been replaced by localip
and myportname ACL types where the localip ACL matches the IP at the
Squid end of the client TCP connection and myportname matches the
https_port/https_port Squid received that connection at (Note that these
things are different for some traffic modes).
> tcp_outgoing_address 192.168.1.101 ip1
> tcp_outgoing_address 192.168.1.102 ip2
> tcp_outgoing_address 192.168.1.103 ip3
> tcp_outgoing_address 192.168.1.104 ip4
> tcp_outgoing_address 192.168.1.105 ip5
> tcp_outgoing_address 192.168.1.106 ip6
>
> But I want to limit what IP's certain users have access to like this..
>
> User1 to have access to ip1 ip2 and ip3
> User2 to have access to ip1 only
> User3 to have access to ip1 ip2 ip3 ip4
> User4 to have access to ip1 ip2
>
> How would I accomplish this? This ACL stuff has me a little confused. Not
> sure if I can use multiple ACLS to do this, etc.
This is best doen with an external ACL helper
(http://www.squid-cache.org/Doc/man/)
Under "Access Controls" there are two helpers checking "userip".
Note the "ext_userip_file_acl" helper is available in older Squid
versions than 3.2, but by a different name and undocumented. If
necessary you can build the 3.2 sources with that helper and copy the
resulting helper binary into an existing older Squid installation.
Amos
Received on Fri Sep 20 2013 - 04:18:00 MDT
This archive was generated by hypermail 2.2.0 : Fri Sep 20 2013 - 12:00:05 MDT