Re: [squid-users] Controlling access using MySQL

From: Henrik Nordstrom <[email protected]>
Date: Sun, 20 Feb 2005 15:57:07 +0100 (CET)

On Sat, 19 Feb 2005, Colin O'Keeffe wrote:

> I new to squid, very new! All i can do is compile it
>
> Now heres the story.
> I have my users in a MySQL db that RADIUS uses to authenticate them.
>
> The user, in there IP Configuration has a gateway in of the router.
> Now when they make a request the request is routed to Squid. (alot of
> people do this ?)
>
> MY question is, can i use the MySQL db with users info in it to act as
> an ACL so i can turn on / off peoples access through the proxy (if
> there being naughty) ? Would SQUID be able to know which IP the
> request is coming from if its going through a router?

If you can devise a method whereby you can look up the username from the
IP address then you can plug this into Squid via the external_acl
directive.

If you configure the clients to use the proxy you can also configure Squid
to require authentication, asking the user to provide his login+password
and have Squid verify this either directly to MySQL or via RADIUS. This is
done via the "auth_param basic program" directive.

As there is no standard on how accounts are stored in MySQL databases
there is no standard helper available, but writing an authentication
helper to Squid is not hard. All the helper need to do is to read username
passwords pairs as input and echo back OK/ERR indicating if the login was
valid or not.

Similar for the external_acl helpers. These just reads the data specified
as input (in your case the client IP) and echos back if this is OK and
optionally which username to associate the request with.

Regards
Henrik
Received on Sun Feb 20 2005 - 07:57:10 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST