httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark jensen <ngiw2...@hotmail.com>
Subject RE: [users@httpd] After authentication, How to authorize users according to IP (or host)?
Date Tue, 29 Jul 2014 21:08:59 GMT


Hello 

we all know that access.log file logs the access Info of Squid, something like that:
125213512.746 41762 192.168.1.17 .............. 
125213513.746 47616 192.168.1.18 ..............

and
 we all know that squid use the file /etc/resolv.conf  to determine the 
DNS server it is dealing with, so if we want Squid to deal with a local 
DNS server (like BIND) we put the local DNS server address in the file 
/etc/resolv.conf

what if the local DNS server has a record like this ( in its revers zone (1.168.192.in-addr.arpa)):

$TTL 60 ; 1 minute 
17            PTR Mark
18            PTR Mike

I want to make this record ( in the access.log file):

125213512.746 41762 192.168.1.17 .............. 

to be something like that:
125213512.746 41762 192.168.1.17 Mark .............. 


Is there any configuration step that I can do to make Squid do that?

any help will be appreciated 

From: ngiw2012@hotmail.com
To: users@httpd.apache.org
Subject: RE: [users@httpd] After authentication, How to authorize users according to IP (or
host)?
Date: Fri, 25 Jul 2014 15:26:24 +0000




> 192.168.1.2 can always access, regardless of LDAP?
Yes
> 192.168.1.7 can never access, regardless of LDAP?
Yes, but what I really want is to do the forbidden of access using authorization(Require tag)
not authentication (allow tag)
something like that:
allow from 192.168.1
Require 192.168.1.2

so apache won't ask them for authentication, but won't let them in according to Require.

> LDAP authentication should never be used for 192.168.1 network?

Yes

> Offsite users can always access if allowed by LDAP?

Yes
 		 	   		   		 	   		  
Mime
View raw message