DansGuardian Documentation Wiki

You are here: Main Index » using_ip_addresses_for_user_identification


Wiki Information

IP Address Authentication


You can use IP Addresses to identify your users and match them to a filtergroup configuration. This is a simple way to quickly authenticate computers without having to set up a complex authentication system. Note that there are some disadvantages to this system:

  • You MUST have static IP addresses set for the computers
  • IP addresses can be spoofed and users can therefore join themselves to a less filtered group.

Enabling Authentication

You need to enable the IP AuthPlugin in /etc/dansguardian/dansguardian.conf in the following section.

# Auth plugins
# These replace the usernameidmethod* options in previous versions. They
# handle the extraction of client usernames from various sources, such as
# Proxy-Authorisation headers and ident servers, enabling requests to be
# handled according to the settings of the user's filter group.
# Multiple plugins can be specified, and will be queried in order until one
# of them either finds a username or throws an error. For example, if Squid
# is configured with both NTLM and Basic auth enabled, and both the 'proxy-basic'
# and 'proxy-ntlm' auth plugins are enabled here, then clients which do not support
# NTLM can fall back to Basic without sacrificing access rights.
# If you do not use multiple filter groups, you need not specify this option.
#authplugin = '/etc/dansguardian/authplugins/proxy-ntlm.conf'
#authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'
#authplugin = '/etc/dansguardian/authplugins/ident.conf'
authplugin = '/etc/dansguardian/authplugins/ip.conf'

Make sure you have a number for filtergroups configured and then add your IP addresses to the following file:


# IP-Group list
# Used by the IP-based auth plugin to assign IP addresses to filter groups.
# Examples:
# Straight IP matching:
# = filter1
# Subnet matching:
# = filter1
# Range matching:
# = filter1