0

I installed Squid Transparent with Session External helper [1]. Then I created a PHP login page and user can login with his UserName, Password. But the problem is that when user login via his correct info, other people can login with authorized user's IP. It means it start session for the IP and all people that know his IP can use the internet. How can I limit the user? Is there any acl in squid to bind the IP & Username? Or we have to use PHP Session to limit the session in browser? If yes how can I communicate from server to client to check that the session is active or no?

[1] http://www.andybev.com/index.php/Setting_up_a_captive_portal_from_scratch_using_Debian

Thanks for your help!

user2310290
  • 11
  • 2

1 Answers1

0

The proxy cannot both be transparent and acquire metadata that would allow it to make a stronger association between the user and the traffic than that predicated upon the IP address. It isn't clear where you expect the username to come from, and the ACL system you have set up (as is typical for squid) only supports filtering IP addresses.

If you cannot ensure users have unique IP addresses and are not spoofing (consider cross-validating IPs with MACs at a firewall to prevent spoofed packets from reaching your squid server), you can use the system you have.

Falcon Momot
  • 24,975
  • 13
  • 61
  • 92