I'm trying to limit each user profile to (1) simultaneous authentication to discourage users from giving out their password to another user. If I can configure squid to only accept 1 connection per user profile that would serve my purpose. It tried entering the #acl con_limit maxconn 2
#http_access deny con_limit all command in squid.conf but upon squid restart I get an error on the con_limit line. What am I doing wrong?
#http_access deny con_limit all command in squid.conf but upon squid restart I get an error on the con_limit line. What am I doing wrong?
Share this post:
Responses (2)
-
Accepted Answer
Bargava wrote:
If you use proxy authentication and you want to restrict the multiple login from other machine. the 'max_user_ip' ACL, this directive controls how long Squid remembers the IP addresses associated with each user. Use a small value (e.g., 60 seconds) if your users might change addresses quickly, as is the case with dialups. You might be safe using a larger value (e.g., 2 hours) in a corporate LAN environment with relatively static address assignments.
we have to add these below four lines in squid.conf in correct place.
authenticate_ip_ttl 300 seconds # Proxy will remember the Ip addresses associated with each user.
acl max_user max_user_ip -s 1 #1 represents how many user can login in different machines.
http_access deny max_user
deny_info maxuser.htm ip_limit
For your reference :-
# vi /etc/squid/squid.conf
Eg.
# TAG: authenticate_ip_ttl
#
#Default:
# authenticate_ip_ttl 0 seconds
authenticate_ip_ttl 300 seconds
# TAG: acl
# Defining an Access List
acl max_user max_user_ip -s 1
http_access deny max_user
# TAG: deny_info
# Usage: deny_info err_page_name acl
deny_info maxuser.htm max_user
Note :-
Create a file in the name of maxuser.htm with your error info. The file should be copied into /etc/squid/error directory.
Don’t forget restart the service
Service squid restart.
dear bargava,
i was configuration my squid.conf like you say,but it can not control multiple login from other machine,can you help why? attachment about my squidi.conf -
Accepted Answer
If you use proxy authentication and you want to restrict the multiple login from other machine. the 'max_user_ip' ACL, this directive controls how long Squid remembers the IP addresses associated with each user. Use a small value (e.g., 60 seconds) if your users might change addresses quickly, as is the case with dialups. You might be safe using a larger value (e.g., 2 hours) in a corporate LAN environment with relatively static address assignments.
we have to add these below four lines in squid.conf in correct place.
authenticate_ip_ttl 300 seconds # Proxy will remember the Ip addresses associated with each user.
acl max_user max_user_ip -s 1 #1 represents how many user can login in different machines.
http_access deny max_user
deny_info maxuser.htm ip_limit
For your reference :-
# vi /etc/squid/squid.conf
Eg.
# TAG: authenticate_ip_ttl
#
#Default:
# authenticate_ip_ttl 0 seconds
authenticate_ip_ttl 300 seconds
# TAG: acl
# Defining an Access List
acl max_user max_user_ip -s 1
http_access deny max_user
# TAG: deny_info
# Usage: deny_info err_page_name acl
deny_info maxuser.htm max_user
Note :-
Create a file in the name of maxuser.htm with your error info. The file should be copied into /etc/squid/error directory.
Don’t forget restart the service
Service squid restart.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »