If you are using NAT to hide the users IP addresses before they reach
Squid, then Squid will have a very hard time basing access on such
information as it plain is not available.
I think you should consider using authentication, requiring the users to
log in to the proxy service to reach the Internet. This way you can base
access controls on username, no matter what station they are currently
using.
Regards
Henrik Nordström
Squid Developer
On Sunday 06 January 2002 16.42, Lim Seng Chor wrote:
> Hi,
>
> I have 2 subnets using private ip address and 1 subnet using public ip
> address (in fact it is DMZ).
> My squid box located at DMZ network but i find it very hard to generate
> the ACL to control my clients' http access coming from the private
> networks since the connections from the clients to the squid box are
> origin from the same IP which is the interior gateway IP.
> In this case, is there anyway I can restrict the http access based on
> client hostname or private ip address.
> Thank you for your help.
-- MARA Systems AB, Giving you basic free Squid support Customized solutions, packaged solutions and priority support available on requestReceived on Sun Jan 06 2002 - 20:56:17 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:39 MST