Re: [squid-users] ACL control over 2 private subnet and 1 public subnet

From: Henrik Nordstrom <[email protected]>
Date: Mon, 7 Jan 2002 04:45:44 +0100

If you are using NAT to hide the users IP addresses before they reach
Squid, then Squid will have a very hard time basing access on such
information as it plain is not available.

I think you should consider using authentication, requiring the users to
log in to the proxy service to reach the Internet. This way you can base
access controls on username, no matter what station they are currently
using.

Regards
Henrik Nordstr�m
Squid Developer

On Sunday 06 January 2002 16.42, Lim Seng Chor wrote:
> Hi,
>
> I have 2 subnets using private ip address and 1 subnet using public ip
> address (in fact it is DMZ).
> My squid box located at DMZ network but i find it very hard to generate
> the ACL to control my clients' http access coming from the private
> networks since the connections from the clients to the squid box are
> origin from the same IP which is the interior gateway IP.
> In this case, is there anyway I can restrict the http access based on
> client hostname or private ip address.
> Thank you for your help.

-- 
MARA Systems AB, Giving you basic free Squid support
Customized solutions, packaged solutions and priority support
available on request
Received on Sun Jan 06 2002 - 20:56:17 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:39 MST