[squid-users] Authenticate_ip_ttl_strict
Amos Jeffries
squid3 at treenet.co.nz
Tue Jan 12 22:31:00 UTC 2016
On 13/01/2016 8:26 a.m., Murat Balkan wrote:
> Hello,
>
> I want to use authenticate_ip_ttl_strict on configuration (I have
> seen this mentioned in this group) but squid complains no such
> parameter at the startup. I am using version 3.1.23
>
Because there is no such configuration directive. Never has been.
Are you confusing it with the -s flag on max_user_ip ACL?
acl foo max_user_ip -s ...
http_access deny foo
> What I am trying to achieve is during the IP TTL period, if a second
> user tries to log in to the proxy with the same username, he should
> be blocked until the first users IP TTL (or TTL) expires.
Please be aware that in the modern (post-1998) Internet every machine in
existence has at least 2 and potentially a huge number of IP addresses
it can make use of simultaneously.
>
> Is it possible to achieve this? Right now I am applying the following
> acl
>
> acl NO_USERNAME_SHARE max_user_ip 1
>
> However it seems the second users first request is denied, but this
> also triggers the first users IP TTL to expire, therefore if the
> second user refreshes the page again, he is able to logged in.
acl NO_USERNAME_SHARE max_user_ip -s 1
Amos
More information about the squid-users
mailing list