Re: [squid-users] External ACL control/MACs

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Tue, 11 Apr 2006 22:21:16 +0200

tis 2006-04-11 klockan 09:47 -0400 skrev Jason Gauthier:

> I would like squid, by default, to not allow access.
> If a client hits it, I would like to be prompted for a page that
> requires an "access" key. This will create an ACL for squid based on
> the client's MAC address.

Doable, but not very elegantly.

The access key page is external to Squid. Can be run on any http server
in your network provided there is some common exchange between the http
server and your Squid (text file, SQL database or whatever...)

To do this elegantly you would need to extend the external acl interface
to also be able to query based on the MAC. This allows the acl to be
dynamic, saving the need of issuing "squid -k reconfigure" on each and
every change..

> Pieces of this might be possible. But what about the whole scope?

Defenitely doable within the limits of networking fundamentals.

Most people doing this is doing so based on the IP which scales much
better (and is supported by external acl already)

Regards
Henrik

Received on Tue Apr 11 2006 - 14:21:26 MDT

This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT