Thanks Amos,

OK this seems to answer my question.
A session helper with ttl=3 should be enough if it will return the username 
associated by the helper.

The next thing is to block traffic if there is no username.

Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com
Zoom: Coming soon


-----Original Message-----
From: squid-users <squid-users-boun...@lists.squid-cache.org> On Behalf Of Amos 
Jeffries
Sent: Tuesday, February 9, 2021 5:30 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Port or switch level authorization

On 8/02/21 10:48 pm, Eliezer Croitoru wrote:
> I have a Mikrotik PPPOE server and I would like to register the logged in
> user on PPPOE Tunnel creation.
> In the mikroitk device I have a code which can run a curl/fetch request with
> the login details ie IP and username towards any server.
> I was thinking about creating a PHP api that will be allowed access only
> from the Mikrotik devices.
> On every login the user+IP pairs will be written to a small DB.
> Squid in it's turn will use an external helper to run queries against the DB
> per request with small cache of 3-10 seconds.

Do you mean the ext_session_sql_acl helper?

> 
> What's the best way to pass a username so with the ip it will be logged.
> 

The helper needs to return user= kv-pair to Squid for this to be an 
"authentication" rather than just authorization. That username will be 
logged without anything special having to be done.

Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to