On Wed, Aug 10, 2011 at 12:56 PM, alexus <alexus_at_gmail.com> wrote:
> 2) add ip for 24h to a trusted list, so it will not prompt for
> userid/password until 24h is expired
>
Add an external_acl_helper that checks against a list of trusted IPs.
It's up to you to maintain that list, but that shouldn't be hard. I
don't have the 24 hour constraint, but needed to allow certain IPs to
not require user/pass, so here's my helper:
#!/bin/bash
while true
do
read LINE
RESULT=`sed -n s/"$LINE "//p /etc/squid3/auth.ips`
if [ -z "$RESULT" ]; then
echo ERR 2> /dev/null
else
echo OK user=$RESULT 2> /dev/null
fi
if [ $? -ne 0 ]; then
exit 1;
fi
done
The auth.ips file looks like:
1.2.3.4 user1
1.2.3.5 user2
Then in squid.conf I have this to define the helper:
external_acl_type ipauth children=1 %SRC /etc/squid3/ip_auth.sh
acl ip-auth external ipauth
Then you allow access using ip-auth before your current acl that prompts.
--Will
Received on Wed Aug 10 2011 - 21:31:49 MDT
This archive was generated by hypermail 2.2.0 : Thu Aug 11 2011 - 12:00:01 MDT