Re: Squid-authentification: auth+ip

From: Henrik Nordstrom <[email protected]>
Date: Sun, 10 Jan 1999 20:32:40 +0100

Roman Shterenzon wrote:
> I've read through the FAQ and release notes, but I haven't found
> way to make an acl based both on user/pass and on ip/mask.
> What I realy mean - suppose we have pool of 20 users, which we
> want to limit to only one segment - the teaching class, so they
> won't be able to browse from anywhere else.

I have now made an updated version of my proxy_auth ACL patch which
makes this fully possible. See http://hem.passagen.se/hno/squid/

acl teaching_class proxy_auth student01 student02 student03 ...
acl teaching_net src 10.0.0.0/24
http_access allow teaching_net teaching_class
http_access deny teaching_class
or (depending on if you want reauthentication or not)
http_access deny teaching_class !teaching_net

It also makes it possible to use deny_info on proxy_auth ACLs to show a
more detailed error message specific to the category (shown when the
user selects cancel on the authentication dialog).

If you want users to be required to reauthenticate with other
credentials when access is denied then they must be denied access by a
proxy_auth ACL, else Squid simply says that access is denied (or
whatever you have configured with deny_info).

---
Henrik Nordstrom
Spare time Squid hacker
Received on Sun Jan 10 1999 - 12:29:35 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:57 MST