[squid-users] forward proxy - many users with one login/passwd.
Amos Jeffries
squid3 at treenet.co.nz
Fri Jul 31 17:32:15 UTC 2015
On 31/07/2015 8:55 p.m., Kinkie wrote:
> On Thu, Jul 30, 2015 at 11:57 PM, Berkes, David <David.J.Berkes at pjc.com>
> wrote:
>
>>
>> Just a basic question. I have a 3.5.0.4 forward proxy setup with basic
>> authentication for my MDM proxy (iphones). All iphones are set with the
>> global proxy and identical user-name/password. They will be on an LTE
>> network and will be switching IP's often. The forward proxy
>> user-name/password will always be the same from each iphone. I have read
>> several things about (max_user_ip, authenticate_ip_ttl) and concerned with
>> the setup. I essentially don’t want to limit any number of source
>> connections using the same credentials. Please advise of any pitfalls
>> and/or settings for many users switching IP's frequent, using the same
>> login/passwd.
>>
>>
> Hi,
> there's none that I can think of.
>
Indeed.
HTTP authentication has to re-authenticate on every single request -
even within a persistent connection. It is naturally independent of IP
unless you force them into a relationship.
That forcing is what all the max-IP and user-IP external ACL helpers are
for. Simply dont use them and you will be fine even if each TCP
connection has unique IP addressing.
Amos
More information about the squid-users
mailing list