Difference between revisions of "Restricting squid users to login only from one machine"
From Notes_Wiki
(Created page with "<yambe:breadcrumb>Squid_proxy_server_configuration|Squid</yambe:breadcrumb> =Restricting squid users to login only from one machine= Assuming basic squid LDAP based authentic...") |
m |
||
Line 1: | Line 1: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Squid proxy server configuration]] > [[Restricting squid users to login only from one machine]] | |||
Assuming basic squid LDAP based authentication configuration as: | Assuming basic squid LDAP based authentication configuration as: | ||
Line 36: | Line 35: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Squid proxy server configuration]] > [[Restricting squid users to login only from one machine]] |
Latest revision as of 10:10, 14 July 2022
Home > CentOS > CentOS 6.x > Squid proxy server configuration > Restricting squid users to login only from one machine
Assuming basic squid LDAP based authentication configuration as:
#Authenticate users via LDAP acl login-users src 192.168.0.0/16 auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "<base-dn>" -f "uid=%s" -h <ldap-fqdn> auth_param basic children 5 auth_param basic realm Organization Proxy Server auth_param basic credentialsttl 2 hours acl ldapauth proxy_auth REQUIRED http_access allow login-users ldapauth
To ensure that any user can login only from one machine at a time:
#Authenticate users via LDAP acl login-users src 192.168.0.0/16 auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "<base-dn>" -f "uid=%s" -h <ldap-fqdn> auth_param basic children 5 auth_param basic realm Organization Proxy Server auth_param basic credentialsttl 2 hours #Allow a user to connect only one device at a time authenticate_ip_ttl 120 seconds acl max_logins max_user_ip -s 1 http_access deny max_logins acl ldapauth proxy_auth REQUIRED http_access allow login-users ldapauth
Here, -s is for strict timeout of 120 seconds as set in the configuration. Note that denying users with max_logins before allowing 'login-user ldapauth' is necessary for configuration to work.
Home > CentOS > CentOS 6.x > Squid proxy server configuration > Restricting squid users to login only from one machine