DansGuardian Documentation Wiki

You are here: Main Index » using_ip_addresses_for_user_identification


|

Wiki Information

IP Address Authentication

Introduction

You can use IP Addresses to identify your users and match them to a filtergroup configuration. This is a simple way to quickly authenticate computers without having to set up a complex authentication system. Note that there are some disadvantages to this system:

  • You MUST have static IP addresses set for the computers
  • IP addresses can be spoofed and users can therefore join themselves to a less filtered group.

Enabling Authentication

You need to enable the IP AuthPlugin in /etc/dansguardian/dansguardian.conf in the following section.

# Auth plugins
# These replace the usernameidmethod* options in previous versions. They
# handle the extraction of client usernames from various sources, such as
# Proxy-Authorisation headers and ident servers, enabling requests to be
# handled according to the settings of the user's filter group.
# Multiple plugins can be specified, and will be queried in order until one
# of them either finds a username or throws an error. For example, if Squid
# is configured with both NTLM and Basic auth enabled, and both the 'proxy-basic'
# and 'proxy-ntlm' auth plugins are enabled here, then clients which do not support
# NTLM can fall back to Basic without sacrificing access rights.
#
# If you do not use multiple filter groups, you need not specify this option.
#
#authplugin = '/etc/dansguardian/authplugins/proxy-ntlm.conf'
#authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'
#authplugin = '/etc/dansguardian/authplugins/ident.conf'
authplugin = '/etc/dansguardian/authplugins/ip.conf'

Make sure you have a number for filtergroups configured and then add your IP addresses to the following file:

/etc/dansguardian/lists/authplugins/ipgroups

# IP-Group list
# Used by the IP-based auth plugin to assign IP addresses to filter groups.
#
# Examples:
# Straight IP matching:
#192.168.0.1 = filter1
# Subnet matching:
#192.168.1.0/255.255.255.0 = filter1
# Range matching:
#192.168.1.0-192.168.1.255 = filter1