IP Address Authentication
Introduction
You can use IP Addresses to identify your users and match them to a filtergroup configuration. This is a simple way to quickly authenticate computers without having to set up a complex authentication system. Note that there are some disadvantages to this system:
- You MUST have static IP addresses set for the computers
- IP addresses can be spoofed and users can therefore join themselves to a less filtered group.
Enabling Authentication
You need to enable the IP AuthPlugin in /etc/dansguardian/dansguardian.conf in the following section.
# Auth plugins # These replace the usernameidmethod* options in previous versions. They # handle the extraction of client usernames from various sources, such as # Proxy-Authorisation headers and ident servers, enabling requests to be # handled according to the settings of the user's filter group. # Multiple plugins can be specified, and will be queried in order until one # of them either finds a username or throws an error. For example, if Squid # is configured with both NTLM and Basic auth enabled, and both the 'proxy-basic' # and 'proxy-ntlm' auth plugins are enabled here, then clients which do not support # NTLM can fall back to Basic without sacrificing access rights. # # If you do not use multiple filter groups, you need not specify this option. # #authplugin = '/etc/dansguardian/authplugins/proxy-ntlm.conf' #authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf' #authplugin = '/etc/dansguardian/authplugins/ident.conf' authplugin = '/etc/dansguardian/authplugins/ip.conf'
Make sure you have a number for filtergroups configured and then add your IP addresses to the following file:
/etc/dansguardian/lists/authplugins/ipgroups
# IP-Group list # Used by the IP-based auth plugin to assign IP addresses to filter groups. # # Examples: # Straight IP matching: #192.168.0.1 = filter1 # Subnet matching: #192.168.1.0/255.255.255.0 = filter1 # Range matching: #192.168.1.0-192.168.1.255 = filter1