On Thu, 5 Feb 2004, Szemer�dy G�bor wrote: > the MAC address for the workstation matches and the IP address for the > workstation matches and the login name and password are valid (coming > from the same workstation)?
Yes, set up http_access rules and ACLs only allowing him access if all three matches, deny them if not. acl user1_MAC arp xx:xx:xx:xx:xx:xx acl user1_IP src xx.xx.xx.xx acl user1_LOGIN proxy_auth login_of_user1 http_access allow user1_LOGIN user1_IP user1_MAC http_access deny user1_LOGIN http_access deny user1_IP http_access deny user1_MAC [repeat for each user/station with this restriction] A more efficient approach would be to extend the external acl concept with a tag for the MAC address, allowing a helper like the ip_user helper to verify that the triple is correct. Regards enrik
