>Here's the situation:
>
>I have a single "terminal server" running portslave, in to which all my
>customers dial. Some of my customers should be allowed HTTP access, others
>only limited HTTP access. The terminal server is running transproxy,
>forcing all customers to use the squid server. This works fine.
>
>The trouble is, the squid server has no way of knowing whether a request
>coming from the terminal server is a customer who should be granted full
>HTTP access, or limited HTTP access. I thought it might work to have squid
>listen on two ports (3128 and 3129) for HTTP requests, then based on which
>port it receives the request on, have it perform a different action.
>Apparantly there's no option for this in the ACL setup, though.
>
>Are there any other established methods by which to differenciate between
>requests coming from the same transparant proxying host?
>
>I suppose if all else fails, I can bind two IP addresses to the terminal
>server, and tell one transproxy instance to bind to the second IP address so
>squid will know the difference between requests. That seems like more than
>should be required, though...
>
>Any thoughts or suggestions are much appreciated.
set your users into two different groups on your radius server, and then
allocate them different IPs using Add-Port-To-IP-Address and
Framed-IP-Address attributes for those groups.
>From there use the src address acl to limit certain users in squid.
Karl
=8)
Received on Tue Dec 14 1999 - 03:12:56 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:49:53 MST