[squid-users] forward proxy - many users with one login/passwd.
Berkes, David
David.J.Berkes at pjc.com
Fri Jul 31 17:52:44 UTC 2015
Thanks again. That’s what I was looking to clarify!
-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Amos Jeffries
Sent: Friday, July 31, 2015 12:32 PM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] forward proxy - many users with one login/passwd.
On 31/07/2015 8:55 p.m., Kinkie wrote:
> On Thu, Jul 30, 2015 at 11:57 PM, Berkes, David
> <David.J.Berkes at pjc.com>
> wrote:
>
>>
>> Just a basic question. I have a 3.5.0.4 forward proxy setup with
>> basic authentication for my MDM proxy (iphones). All iphones are set
>> with the global proxy and identical user-name/password. They will be
>> on an LTE network and will be switching IP's often. The forward
>> proxy user-name/password will always be the same from each iphone. I
>> have read several things about (max_user_ip, authenticate_ip_ttl) and
>> concerned with the setup. I essentially don’t want to limit any number of source
>> connections using the same credentials. Please advise of any pitfalls
>> and/or settings for many users switching IP's frequent, using the
>> same login/passwd.
>>
>>
> Hi,
> there's none that I can think of.
>
Indeed.
HTTP authentication has to re-authenticate on every single request - even within a persistent connection. It is naturally independent of IP unless you force them into a relationship.
That forcing is what all the max-IP and user-IP external ACL helpers are for. Simply dont use them and you will be fine even if each TCP connection has unique IP addressing.
Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
________________________________
Piper Jaffray & Co. Since 1895. Member SIPC and NYSE. Learn more at www.piperjaffray.com. Piper Jaffray corporate headquarters is located at 800 Nicollet Mall, Minneapolis, MN 55402.
Piper Jaffray outgoing and incoming e-mail is electronically archived and recorded and is subject to review, monitoring and/or disclosure to someone other than the recipient. This e-mail may be considered an advertisement or solicitation for purposes of regulation of commercial electronic mail messages. If you do not wish to receive commercial e-mail communications from Piper Jaffray, go to: www.piperjaffray.com/do_not_email to review the details and submit your request to be added to the Piper Jaffray "Do Not E-mail Registry." For additional disclosure information see www.piperjaffray.com/disclosures
More information about the squid-users
mailing list