[squid-users] Authenticate_ip_ttl_strict

Amos Jeffries squid3 at treenet.co.nz
Tue Jan 12 22:31:00 UTC 2016


On 13/01/2016 8:26 a.m., Murat Balkan wrote:
> Hello,
> 
> I want to use authenticate_ip_ttl_strict on configuration (I have
> seen this mentioned in this group) but squid complains no such
> parameter at the startup. I am using version 3.1.23
> 

Because there is no such configuration directive. Never has been.

Are you confusing it with the -s flag on max_user_ip ACL?

 acl foo max_user_ip -s ...
 http_access deny foo


> What I am trying to achieve is during the IP TTL period, if a second
> user tries to log in to the proxy with the same username, he should
> be blocked until the first users IP TTL (or TTL) expires.

Please be aware that in the modern (post-1998) Internet every machine in
existence has at least 2 and potentially a huge number of IP addresses
it can make use of simultaneously.

> 
> Is it possible to achieve this? Right now I am applying the following
> acl
> 
> acl NO_USERNAME_SHARE max_user_ip 1
> 
> However it seems the second users first request is denied, but this
> also triggers the first users IP TTL to expire, therefore if the
> second user refreshes the page again, he is able to logged in.

  acl NO_USERNAME_SHARE max_user_ip -s 1

Amos


More information about the squid-users mailing list