[squid-users] Squid bind each outgoing ip to a user?
Amos Jeffries
squid3 at treenet.co.nz
Mon Apr 8 05:46:36 UTC 2019
On 8/04/19 5:24 am, jyliu wrote:
> ****UPDATE****
>
> I find the problem... In UserIp file, if I put user's ip (my own pc's ip for
> example), it works.
>
> So now my userIp.conf is: (that's my own ip)
> 209.xxx.109.90 test
>
> And my squid.conf is: (This is the outgoing Ip i want to proxy to)
> http_port 204.188.217.14:3128 name=0
> acl ip1 myportname 0
> tcp_outgoing_address 204.188.217.14 ip1
>
> This works...
>
> However, this isn't what I want... I want authenticate the user based on
> their username and password, not base on their own pc's ip address. So
Please note that this is *not* "authentication" by IP address. It is
"authorization" by IP + login. Specifically the "%SRC %LOGIN" pair.
As noted in my earlier comments to the log trace, the login step
succeeds completely. Only after that the IP+login ACL fails.
In other words: The clients credentials were valid, but not sufficient
to give access privilege to the request.
> ideally, as long as the username and password is correct, one can have
> 204.188.217.14:3128:test:testpassword
> on any of their own ip address..
>
>
> Sorry I think I may mistake the function of 'external_acl_type'?
You have been passing the helper the %SRC format code. That expands to
the client IP address.
See
<http://www.squid-cache.org/Versions/v3/3.4/cfgman/external_acl_type.html>
for the list of codes in Squid-3.4. Any which expand to an IP address
can be used where you currently have %SRC.
You need the %MYADDR format code to give the helper the Squid receiving
IP address.
Amos
More information about the squid-users
mailing list