Difference between revisions of "Restricting squid users to login only from one machine"

From Notes_Wiki
=Restricting squid users to login only from one machine=



Latest revision as of 10:10, 14 July 2022


Assume a basic Squid LDAP-based authentication configuration such as:

   #Authenticate users via LDAP
   acl login-users src 192.168.0.0/16
   auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "<base-dn>" -f "uid=%s" -h <ldap-fqdn>
   auth_param basic children 5
   auth_param basic realm Organization Proxy Server
   auth_param basic credentialsttl 2 hours
   
   acl ldapauth proxy_auth REQUIRED
   http_access allow login-users ldapauth

To ensure that any user can log in from only one machine at a time, add the max_user_ip rules shown below:

   #Authenticate users via LDAP
   acl login-users src 192.168.0.0/16
   auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "<base-dn>" -f "uid=%s" -h <ldap-fqdn>
   auth_param basic children 5
   auth_param basic realm Organization Proxy Server
   auth_param basic credentialsttl 2 hours

   #Allow a user to connect only one device at a time
   authenticate_ip_ttl 120 seconds
   acl max_logins max_user_ip -s 1
   http_access deny max_logins
   
   acl ldapauth proxy_auth REQUIRED
   http_access allow login-users ldapauth   

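Here, -s makes the limit strict: once a user is logged in from one IP address, requests from any other address are denied until the 120-second authenticate_ip_ttl set in the configuration expires. Note that http_access rules are evaluated in order, so 'http_access deny max_logins' must come before 'http_access allow login-users ldapauth' for the configuration to work.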
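
Before enabling the rule it helps to know which accounts already show up from several machines. The Python script below is an added example, not part of the original wiki page or of Squid: it replays native-format access.log lines through a simplified model of the strict limit, and the sample log lines, the function names and the sliding-TTL model are assumptions.

```python
# Added example: replay a Squid native-format access.log through a simplified
# model of "max_user_ip -s 1" to list logins that collide inside the TTL.
TTL = 120      # seconds, mirrors "authenticate_ip_ttl 120 seconds"
MAX_IPS = 1    # mirrors "acl max_logins max_user_ip -s 1"

# Constructed sample lines; in the native format the user name is field 8.
SAMPLE_LOG = """\
1657793400.100 45 192.168.1.10 TCP_MISS/200 1234 GET http://example.com/ alice HIER_DIRECT/203.0.113.5 text/html
1657793430.200 40 192.168.1.10 TCP_MISS/200 2048 GET http://example.com/a alice HIER_DIRECT/203.0.113.5 text/html
1657793460.300 38 192.168.2.20 TCP_MISS/200 512 GET http://example.com/b alice HIER_DIRECT/203.0.113.5 text/html
1657793470.000 51 192.168.3.30 TCP_MISS/200 900 GET http://example.com/ bob HIER_DIRECT/203.0.113.5 text/html
1657793600.000 47 192.168.2.20 TCP_MISS/200 700 GET http://example.com/c alice HIER_DIRECT/203.0.113.5 text/html
1657793610.000 1 192.168.4.40 TCP_DENIED/407 3800 GET http://example.com/ - HIER_NONE/- text/html
"""

def parse(line):
    """Return (timestamp, client_ip, user), or None for malformed or unauthenticated lines."""
    fields = line.split()
    if len(fields) < 8 or fields[7] == "-":
        return None
    try:
        return float(fields[0]), fields[2], fields[7]
    except ValueError:
        return None

def find_conflicts(lines, ttl=TTL, max_ips=MAX_IPS):
    """Model (assumption): each request refreshes its IP's entry; entries idle
    longer than ttl expire; a new IP is refused while max_ips entries are live."""
    live = {}        # user -> {client_ip: last_seen_timestamp}
    conflicts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, ip, user = rec
        ips = live.setdefault(user, {})
        for stale in [a for a, seen in ips.items() if ts - seen > ttl]:
            del ips[stale]
        if ip in ips or len(ips) < max_ips:
            ips[ip] = ts          # known or admitted address: refresh its entry
        else:
            conflicts.append((ts, user, ip, sorted(ips)))
    return conflicts

if __name__ == "__main__":
    for ts, user, ip, held in find_conflicts(SAMPLE_LOG.splitlines()):
        print(f"{ts:.3f} {user}: {ip} would be refused, slot held by {', '.join(held)}")
```

To audit a real log, pass the lines of the proxy's own access.log to find_conflicts() instead of SAMPLE_LOG.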

