hi amos , thanks for reply . but let me ask you other question for clarification .
in the section : external_acl_type type-name %SRC %LOGIN /path/to/ext_file_userip_acl -f /path/to/config.file now i see it has the form : ip_addr[/netmask] username|@group|ALL|NONE say i have 3 users user1 user2 and user3 ====================== user1 ——> 100.160.238.0:17648 user2—>100.160.238.1:48049 user3——>100.160.238.2:26394 ================= will the file /path/to/config.file be like below ???? 100.160.238.0 user1 100.160.238.1 user2 100.160.238.2 user3 kind regards > On Sep 25, 2016, at 12:58 AM, Amos Jeffries <squ...@treenet.co.nz> wrote: > > On 24/09/2016 6:13 p.m., --Ahmad-- wrote: >> hi folks . >> >> i have many ips on same server . >> also i have basic_ncsa auth type on squid . >> >> say i have 3 ips and i created 3 users . >> >> the issue i have now is any user can use any outgoing address . >> >> let me explain below : >> >> >> auth_param basic program /lib/squid/basic_ncsa_auth /etc/squid/squid_user >> acl ncsa_users proxy_auth REQUIRED >> auth_param basic children 100 >> http_access allow ncsa_users >> >> ############### >> http_port 100.160.238.0:17648 >> http_port 100.160.238.1:48049 >> http_port 100.160.238.2:26394 >> >> ############# >> acl ip1myip 100.160.238.0 >> acl ip2 myip 100.160.238.1 >> acl ip3 myip 100.160.238.2 >> ############# >> >> tcp_outgoing_address 100.160.238.0 ip1 >> tcp_outgoing_address 100.160.238.1 ip2 >> tcp_outgoing_address 100.160.238.2 ip3 >> > > 'myip' matches the Squid IP address. > tcp_outgoing_address is what sets the Squid IP address. > See any problem with using the Squid IP address current value to set the > Squid IP address? > > Use the myportname ACL instead. In your above config it will match the > IP:port string on the htp_port line. For example: > > acl ip0 myportname 100.160.238.0:17648 > tcp_outgoing_address 100.160.238.0 ip0 > > Or you can add a name= parameter to each port to set a custom name for > it that the myportname ACL looks for. > > >> ######################## >> >> i created 3 users : >> >> htpasswd -cdb /etc/squid/squid_user user1 user1 >> htpasswd -cdb /etc/squid/squid_user user2 user2 >> htpasswd -cdb /etc/squid/squid_user user3 user3 >> >> ################# >> >> >> >> now if user1 connected to 100.160.238.0:17648 it will be able to use it >> also if connected to 100.160.238.1:48049 also will be able . >> >> and so for 100.160.238.2:26394. >> >> >> the question is >> how can i let user1 only use 100.160.238.0:17648 and user2 only use >> 100.160.238.1:48049 and user3 only use 100.160.238.2:26394 ??? >> > > Use the ext_file_userip_acl helper. The format for entries in the helper > config file is listed in the man page: > <http://www.squid-cache.org/Versions/v3/3.5/manuals/ext_file_userip_acl.html > <http://www.squid-cache.org/Versions/v3/3.5/manuals/ext_file_userip_acl.html>> > > Replace the line "http_access allow ncsa_users" with the following: > > external_acl_type userIp %SRC /usr/bin/ext_file_userip_acl -f > /etc/squid/userIP.conf > acl userIp external userIp > > http_access deny !ncsa_users > http_access allow userIp > > NP: that is all. Do not add userIp check to tcp_outgoing_address lines. > > > After all the above changes your squid.conf should look something like this: > > ## ... the default http_access rules at the top ... > ## > ## Your local custom rules go here: > > auth_param basic program /lib/squid/basic_ncsa_auth \ > /etc/squid/squid_user > auth_param basic children 100 > > external_acl_type userIp %SRC %LOGIN /lib/squid/ext_file_userip_acl \ > -f /etc/squid/userIP.conf > > acl ncsa_users proxy_auth REQUIRED > acl userIp external userIp > > http_access deny !ncsa_users > http_access allow userIp > http_access deny all > > ## > http_port 100.160.238.0:17648 name=0 > acl ip0 myportname 0 > tcp_outgoing_address 100.160.238.0 ip0 > > http_port 100.160.238.1:48049 name=1 > acl ip1 myportname 1 > tcp_outgoing_address 100.160.238.1 ip1 > > http_port 100.160.238.2:26394 name=2 > acl ip2 myportname 2 > tcp_outgoing_address 100.160.238.2 ip2 > > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org <mailto:squid-users@lists.squid-cache.org> > http://lists.squid-cache.org/listinfo/squid-users > <http://lists.squid-cache.org/listinfo/squid-users>
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
