Re: [squid-users] Re: Dual auth based on IP source

From: Chris Robertson <crobertson_at_gci.net>
Date: Thu, 08 Jan 2009 12:26:18 -0900

David Rodríguez Fernández wrote:
> Hi,
>
> I have my own auth_param basic program script to authenticate my squid
> users. My perl script is working fine. I do an authentication based on
> login/password and a query to an oracle database.
>
> I have a squid server for all my organization. All the users are
> browsing the web through this server. The users need a username and
> password to access Internet and a valid record on the oracle database.
> I have VPN users who connect with the organization net over gprs/3g
> mobiles and laptops. All of these users have access to squid, but I
> don't want all mobile users to browse the Internet over a mobile
> connection, only the VIP ones (we pay for total bytes transferred).
> The VPN doesn't know anything about limiting user access based on login
> username, so I need to limit this on squid config. All the mobile
> connections come to squid from a separate IP network, so I can decide
> if a user has access to squid based on IP source/login/password.
>
> Is there some configuration where I can have 2 separate auth_param basic
> program scripts based on source IP?
>
> Can I change the behavior of data entry?
> from:
> login password
> to:
> IP login password
>
> Is there another, simpler solution?
>

acl norm_auth proxy_auth REQUIRED
acl moble_auth proxy_auth bob jane me
acl moble src 10.10.10.5/32
acl mynet src 10.10.10.0/24

# Deny access to traffic sourced from 10.10.10.5 unless it's bob, jane or me
http_access deny !moble_auth moble
# ...other http_access rules go here...
http_access deny all

Chris
Received on Thu Jan 08 2009 - 21:24:35 MST
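
Added example, not part of Chris's reply and not Squid code: a small Python model of how Squid evaluates http_access lines (ACLs on one line are ANDed, the first matching line decides), applied to the ACLs posted above. The "allow mynet norm_auth" line is an assumed stand-in for the elided rules, and the model only covers requests whose credentials the auth helper has already accepted.

```python
import ipaddress

VIPS = {"bob", "jane", "me"}

# ACLs as posted in the reply: name -> predicate over (source address, login).
ACLS = {
    "norm_auth":  lambda src, user: user is not None,   # proxy_auth REQUIRED
    "moble_auth": lambda src, user: user in VIPS,       # proxy_auth bob jane me
    "moble":      lambda src, user: src in ipaddress.ip_network("10.10.10.5/32"),
    "mynet":      lambda src, user: src in ipaddress.ip_network("10.10.10.0/24"),
    "all":        lambda src, user: True,
}

# Rule order from the reply. The middle line is an assumption standing in for
# "...other http_access rules go here...".
POSTED_ORDER = [
    ("deny",  ["!moble_auth", "moble"]),
    ("allow", ["mynet", "norm_auth"]),
    ("deny",  ["all"]),
]

# Same rules with the allow moved above the mobile deny (the mistake to avoid:
# 10.10.10.5 is also inside mynet, so the allow would match first).
ALLOW_FIRST = [POSTED_ORDER[1], POSTED_ORDER[0], POSTED_ORDER[2]]


def acl_matches(name, src, user):
    """Evaluate one ACL reference; a leading '!' negates it."""
    result = ACLS[name.lstrip("!")](src, user)
    return not result if name.startswith("!") else result


def http_access(rules, src_ip, user):
    """Return 'allow' or 'deny' for a request from src_ip by login `user`."""
    src = ipaddress.ip_address(src_ip)
    for action, names in rules:
        # Every ACL on the line must match; the first matching line wins.
        if all(acl_matches(n, src, user) for n in names):
            return action
    return "deny"  # not reached here: the final "deny all" always matches


if __name__ == "__main__":
    # Constructed sample requests: (source IP, login).
    for ip, user in [("10.10.10.5", "bob"), ("10.10.10.5", "alice"),
                     ("10.10.10.20", "alice"), ("192.0.2.7", "bob")]:
        print(ip, user, http_access(POSTED_ORDER, ip, user),
              http_access(ALLOW_FIRST, ip, user))
```

With the posted order a non-VIP login from 10.10.10.5 is denied; with the allow line first the same request is allowed, which is why the mobile deny has to sit above the general allow.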
