|
|
Re: Transparent Proxy: msg#01305web.squid.general
pauloric wrote: > > Em Sex, 2003-03-28 às 19:07, Henrik Nordstrom escreveu: > > pauloric wrote: > > > > > Is it possible to have all reports generated by SARG w/ user ID instead > > > IP address?? > > > > Only if you can make a scheme whereby the user ID can be found from the > > IP address. > > > > > I've been reading about external_acl_type. Is it the rigth way? > > > > If you find the solution to the above problem then external_acl_type can > > be used to have the username filled in by Squid. > > Sorry Henrik, I didn't say all about the specs. I'm using iptables + > squid ( transparent proxy) + DHCP + SARG. Again it's all running > smoothly. > > I've noticed that w/ sarg I can have a list w/ IPADRESS + USERID and all > reports will be generated w/ user ID, but I would like to use another > method preferably taking direct from access.log ( id user instead ip > address) And this is how I understood your question. external_acl_type helpers can return the username to Squid, provided they can look up the username somewhere. If you already have solved the question "Who is using IP x.x.x.x right now?" then writing an external_acl_type helper which returns this to Squid is not hard. See squid.conf for a descripiton of the communication between Squid and external acl helpers. > I know that I can't have Trasparent proxy + authentication right, can I? Right. > Then I'm thinking about using Transparent proxy + external_acl and an > external helper program ip_user_check ( from Rodrigo Campos). I've been > writing a scripts to take UserIP + name from dhcp and it's ok I don't exacly see the relationship with ip_user_check here... ip_user_check fills another purpose (only give an authenticated user access if he is using his correct IP address recorded on file). A new helper needs to be written. If you have already written a script to query your DHCP server then this can easily be extended into becoming a external acl helper to Squid I think. A example external acl helper for returning user name, given a separate program or function lookup_user_from_ip which prints the current username given a IP address: #!/bin/sh while read IP; do user="`lookup_user_from_ip $IP`" if [ -n "$user" ]; then echo "OK user=$user" else echo "ERR" fi done Regards Henrik |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | IE doesn't resolve for the first time: 01305, Fredi |
|---|---|
| Next by Date: | Re: IE doesn't resolve for the first time: 01305, Henrik Nordstrom |
| Previous by Thread: | Re: Transparent Proxyi: 01305, pauloric |
| Next by Thread: | squid+wccp+packets not being redirected: 01305, Sukhjit Singh |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |