Restricting squid users to login only from one machine

From Notes_Wiki
Revision as of 09:49, 31 January 2016 by Saurabh

Assume a basic Squid configuration with LDAP-based authentication such as:

   #Authenticate users via LDAP
   acl login-users src 192.168.0.0/16
   auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "<base-dn>" -f "uid=%s" -h <ldap-fqdn>
   auth_param basic children 5
   auth_param basic realm Organization Proxy Server
   auth_param basic credentialsttl 2 hours
   
   acl ldapauth proxy_auth REQUIRED
   http_access allow login-users ldapauth

To ensure that any user can log in from only one machine at a time, add the authenticate_ip_ttl and max_user_ip lines, and deny max_logins before the allow rule:

   #Authenticate users via LDAP
   acl login-users src 192.168.0.0/16
   auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "<base-dn>" -f "uid=%s" -h <ldap-fqdn>
   auth_param basic children 5
   auth_param basic realm Organization Proxy Server
   auth_param basic credentialsttl 2 hours

   #Allow a user to connect only one device at a time
   authenticate_ip_ttl 120 seconds
   acl max_logins max_user_ip -s 1
   http_access deny max_logins
   
   acl ldapauth proxy_auth REQUIRED
   http_access allow login-users ldapauth   

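Here, authenticate_ip_ttl sets how long Squid remembers the IP addresses associated with each authenticated user (120 seconds in this configuration), and max_user_ip with a limit of 1 matches when a user is seen from more than one IP address within that time. The -s option makes the limit strict: requests from any further IP address are denied until the 120-second TTL has expired. Squid identifies a machine by its source IP address, so this is a per-address limit. Note that denying users with max_logins before allowing 'login-users ldapauth' is necessary for the configuration to work.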
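As a check on the rule above, the following added example (not part of the original page or of Squid) scans access.log for users seen from a second IP address within the 120-second window and reports whether Squid denied that request. It assumes Squid's default native log format with the user name in the eighth field; the log lines are constructed and the function names are hypothetical.

```python
from collections import defaultdict

TTL = 120  # seconds; mirrors authenticate_ip_ttl in the configuration above

# Constructed sample lines in Squid's default native access.log format:
# time elapsed client action/status bytes method URL user hierarchy type
# Only the action before "/" is used; the status code is not relied upon.
SAMPLE_LOG = """\
1454233740.101     45 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/ alice HIER_DIRECT/203.0.113.5 text/html
1454233770.552     12 192.168.1.10 TCP_MISS/200 812 GET http://example.com/a.css alice HIER_DIRECT/203.0.113.5 text/css
1454233790.007      0 192.168.7.23 TCP_DENIED/403 3901 GET http://example.org/ alice HIER_NONE/- text/html
1454233800.310     30 192.168.2.40 TCP_MISS/200 2048 GET http://example.net/ bob HIER_DIRECT/203.0.113.9 text/html
1454233985.900     41 192.168.7.23 TCP_MISS/200 4410 GET http://example.org/ alice HIER_DIRECT/203.0.113.7 text/html
"""

def parse(line):
    """Return (timestamp, client_ip, action, user) or None for unusable lines."""
    f = line.split()
    if len(f) < 10 or f[7] == "-":      # "-" means no authenticated user
        return None
    return float(f[0]), f[2], f[3].split("/")[0], f[7]

def concurrent_ip_events(log_text, ttl=TTL):
    """Find requests where a user appears from a second IP within ttl seconds."""
    last_seen = defaultdict(dict)        # user -> {ip: time of last allowed request}
    events = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, ip, action, user = rec
        # Other addresses this user was active from inside the TTL window.
        others = sorted(o for o, t in last_seen[user].items()
                        if o != ip and ts - t <= ttl)
        if others:
            events.append({"user": user, "ip": ip, "other_ips": others,
                           "denied": action == "TCP_DENIED"})
        if action != "TCP_DENIED":       # assumption: a denied request does not refresh the entry
            last_seen[user][ip] = ts
    return events

if __name__ == "__main__":
    for e in concurrent_ip_events(SAMPLE_LOG):
        print(e)
```

An event with "denied" set to False means the second address was served inside the window, which is what to look for both before enabling the rule (who would be affected) and after (whether the deny line is placed correctly).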

