Squid / Limit of IP addresses per user?
-
I am trying PFS 1.2.3-RC3 + Squid to deploy a proxy environment in our company. My authentication is LOCAL in Squid.
I want know if I can limit the users not to browse the net from multiple locations? Meaning a user can loging to the proxy and browse the internet only from one PC at a time, not allow to be used from another computer while he is using it in one computer.
Limit of IP addresses per user
Number of source IP addresses a user can be logged in at a time. The IP address will be released after the time defined at User/IP cache TTL.
Please tell me how to do it?
-
you can use squid guard.
it has got acl and time
-
you can use squid guard.
it has got acl and time
I don't think Squidguard has a feature for my requirements.
Is it possible use this http://old.nabble.com/blocking-users-that-using-same-login-from-different–IP-address-at-the-same-time-to12181285.html#a12182231
-
i think it is impossible on pfsense! maybe possible squid on the other Linux versions
-
Can someone tell me if "acl aclname max_user_ip [-s] number" is possible in Pfsense?
acl aclname max_user_ip [-s] number
# This will be matched when the user attempts to log in from more
# than <number>different ip addresses. The authenticate_ip_ttl
# parameter controls the timeout on the ip entries.
# If -s is specified the limit is strict, denying browsing
# from any further IP addresses until the ttl has expired. Without
# -s Squid will just annoy the user by "randomly" denying requests.
# (the counter is reset each time the limit is reached and a
# request is denied)
# NOTE: in acceleration mode or where there is mesh of child proxies,
# clients may appear to come from multiple addresses if they are
# going through proxy farms, so a limit of 1 may cause user problems.</number>
-
it is imposible
-
Nothing is impossible on pfSense. Depending on what authentication method the code you copied is talking about, this should work just fine. Squid configuration files are, for all intensive purposes, platform independent. If it does not work for you I'm sure that somebody here could write something for you very quickly if you started a bounty.
I would suggest trying to modify the bit of code you copied and see what happens. Make your changes in /usr/local/pkg/squid.inc save the file and restart the service (maybe your whole box). If it doesn't work, just change it back and you will be fine. Good luck.