[squid-users] Port or switch level authorization
Eliezer Croitoru
ngtech1ltd at gmail.com
Tue Feb 9 09:15:59 UTC 2021
Thanks Amos,
OK this seems to answer my question.
A session helper with ttl=3 should be enough if it will return the username associated by the helper.
The next thing is to block traffic if there is no username.
Eliezer
----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com
Zoom: Coming soon
-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Tuesday, February 9, 2021 5:30 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Port or switch level authorization
On 8/02/21 10:48 pm, Eliezer Croitoru wrote:
> I have a Mikrotik PPPOE server and I would like to register the logged in
> user on PPPOE Tunnel creation.
> In the mikroitk device I have a code which can run a curl/fetch request with
> the login details ie IP and username towards any server.
> I was thinking about creating a PHP api that will be allowed access only
> from the Mikrotik devices.
> On every login the user+IP pairs will be written to a small DB.
> Squid in it's turn will use an external helper to run queries against the DB
> per request with small cache of 3-10 seconds.
Do you mean the ext_session_sql_acl helper?
>
> What's the best way to pass a username so with the ip it will be logged.
>
The helper needs to return user= kv-pair to Squid for this to be an
"authentication" rather than just authorization. That username will be
logged without anything special having to be done.
Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list