Authentication on each multiple outgoing IP


by Франсуа Мартiнес

Hi guys.
I have such an issue. My head has already swollen from this issue ))) So...

I have a server with several outgoing IPs. My task: to each outgoing IP
on the proxy, bind a login-password.

The source IP of the user doesn't matter. A user can use the proxy if he
knows the login-password for a separate IP on the proxy.

I attach my squid.conf file.


So far, in squid.conf I wrote 2 proxy IPs.
I tried to bind different login-passwords to them.
But it doesn't matter via which proxy IP I connect my browser.
I set up the browser even on IPs that are not yet mentioned in squid.conf
(in squid.conf there are only 6.1.9.1 and 2.5.2.4).
All the proxy IPs demand a login-password when I try to connect through
them. And for all of them the only right login is mechelen
(see in squid.conf).

Can anybody help with this task?
Thx a lot!

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid.passwd
auth_param basic children 5
auth_param basic credentialsttl 3 hours
acl one myip 6.1.9.1
acl duisburg proxy_auth -i mechelen
http_access allow duisburg one
tcp_outgoing_address 6.1.9.1 one

acl two myip 2.5.2.4
acl essen proxy_auth -i zwolle
http_access allow essen two
tcp_outgoing_address 2.5.2.4 two
 
acl me src 2.9.3.6
http_access allow me
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 8080
hierarchy_stoplist cgi-bin ?
minimum_object_size 0 KB
maximum_object_size 0 KB
acl all src 0.0.0.0/0.0.0.0
no_cache deny all
cache_dir null /tmp
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Package(.gz)*)$        0 20%   2880
refresh_pattern .               0       20%     4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
via off
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
forwarded_for off
coredump_dir /var/spool/squid

Re: Authentication on each multiple outgoing IP

by Amos Jeffries-2

Франсуа Мартiнес wrote:

> Hi guys.
> I have such an issue. My head has already swollen from this issue ))) So...
>
> I have a server with several outgoing IPs. My task: to each outgoing IP
> on the proxy, bind a login-password.
>
> The source IP of the user doesn't matter. A user can use the proxy if he
> knows the login-password for a separate IP on the proxy.
>
> I attach my squid.conf file.
>
>
> So far, in squid.conf I wrote 2 proxy IPs.
> I tried to bind different login-passwords to them.
> But it doesn't matter via which proxy IP I connect my browser.
> I set up the browser even on IPs that are not yet mentioned in squid.conf
> (in squid.conf there are only 6.1.9.1 and 2.5.2.4).
> All the proxy IPs demand a login-password when I try to connect through
> them. And for all of them the only right login is mechelen
> (see in squid.conf).
>
> Can anybody help with this task?
> Thx a lot!
>

Let's see...


acl one myip 6.1.9.1
acl duisburg proxy_auth -i mechelen
http_access allow duisburg one
tcp_outgoing_address 6.1.9.1 one

... "mechelen" is allowed unlimited access when using 6.1.9.1:3128 as the
proxy. Everybody connecting to 6.1.9.1 will be sent out with IP 6.1.9.1.

acl two myip 2.5.2.4
acl essen proxy_auth -i zwolle
http_access allow essen two
tcp_outgoing_address 2.5.2.4 two

... "zwolle" is allowed unlimited access when using 2.5.2.4:3128 as the
proxy. Everybody connecting to 2.5.2.4 will be sent out with IP 2.5.2.4.


acl me src 2.9.3.6
http_access allow me

... the person using machine 2.9.3.6 is allowed unlimited access.
Operating system selected IP is used.


I think you are testing from 2.9.3.6 yes?

... which means login will be requested. However no matter what gets
entered. The operating system picks the default IP (I suspect that is
6.1.9.1 and causing you confusion).


Amos
--
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
   Current Beta Squid 3.1.0.14
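
The rule order walked through in the reply above, as an added example that is not part of the original thread and is not Squid code: a simplified Python model of first-match http_access evaluation, run over the posted rule order and over a constructed reordering (REORDERED is hypothetical, not a configuration from the thread). It assumes the remaining posted rules collapse to the final deny all, treats any supplied login as already accepted by the auth helper, and uses 192.0.2.10 as a constructed proxy IP.

```python
# Simplified model of Squid http_access evaluation (added example, not Squid code).
# Assumptions: lines are checked top-down and the first matching line wins; ACLs
# on a line are ANDed left to right, stopping at the first non-match; reaching a
# proxy_auth ACL without credentials yields a 407 challenge.

class NeedAuth(Exception):
    """A proxy_auth ACL was reached and the request carried no login."""

def myip(addr):                      # address of the proxy the client connected to
    return lambda req: req["local_ip"] == addr

def src(addr):                       # address of the client
    return lambda req: req["client_ip"] == addr

def proxy_auth(user):
    def check(req):
        if req["user"] is None:
            raise NeedAuth()
        return req["user"].lower() == user.lower()   # -i: case-insensitive
    return check

def decide(rules, local_ip, client_ip, user=None):
    """Return 'allow', 'deny' or 'challenge' for one request."""
    req = {"local_ip": local_ip, "client_ip": client_ip, "user": user}
    for action, acls in rules:
        try:
            if all(acl(req) for acl in acls):        # all() stops at first False
                return action
        except NeedAuth:
            return "challenge"
    return "deny"                    # not reached: both rule sets end in deny all

one, two = myip("6.1.9.1"), myip("2.5.2.4")
duisburg, essen = proxy_auth("mechelen"), proxy_auth("zwolle")
me = src("2.9.3.6")
everyone = lambda req: True

# Rule order as posted: the proxy_auth ACL is first on each line.
POSTED = [("allow", [duisburg, one]), ("allow", [essen, two]),
          ("allow", [me]), ("deny", [everyone])]
# Constructed variant: listening-IP ACL first, no source-IP exemption.
REORDERED = [("allow", [one, duisburg]), ("allow", [two, essen]),
             ("deny", [everyone])]

if __name__ == "__main__":
    # 192.0.2.10 is a constructed proxy IP that neither rule set mentions.
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        for user in (None, "mechelen", "zwolle"):
            print(name, user, decide(rules, "192.0.2.10", "2.9.3.6", user))
```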