Feature #10725
closed
Squid disable multiple login sessions
100%
Description
https://forum.netgate.com/topic/154741/squid-disable-multiple-sessions:
Hello, I want to set a server running pfsense with squid. I want to be sure that users aren't using the same login in different PCs or using proxy behind mine to permit access to more users than allowed.
from http://www.squid-cache.org/Doc/config/acl/:
acl aclname max_user_ip [-s] number # This will be matched when the user attempts to log in from more # than <number> different ip addresses. The authenticate_ip_ttl # parameter controls the timeout on the ip entries. [fast] # If -s is specified the limit is strict, denying browsing # from any further IP addresses until the ttl has expired. Without # -s Squid will just annoy the user by "randomly" denying requests. # (the counter is reset each time the limit is reached and a # request is denied) # NOTE: in acceleration mode or where there is mesh of child proxies, # clients may appear to come from multiple addresses if they are # going through proxy farms, so a limit of 1 may cause user problems.
Updated by Viktor Gurov almost 4 years ago
Updated by Jim Pingle almost 4 years ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho almost 4 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
- % Done changed from 0 to 100
PR has been merged. Thanks!
Updated by Azamat Khakimyanov over 3 years ago
Tested on:
2.5.0-DEVELOPMENT (amd64)
built on Sun Sep 20 01:01:05 EDT 2020
FreeBSD 12.2-PRERELEASE
With default value for "Authentication Max User IP Addresses" I was able to use proxy from several different PCs. When I changed default value and used "Authentication Max User IP Addresses: 1" I was able to connect only from 1 PC.
After 5 minutes (default Authentication TTL) I was able to re-authenticate from second PC and use proxy.
Ticket resolved.
Updated by Azamat Khakimyanov over 3 years ago
- Status changed from Feedback to Resolved