authenticate_ip_ttl

authenticate_ip_ttl

This directive causes Squid to deny requests if the same proxy authentication username comes from more than one IP address within a given amount of time. It's designed to discourage users from sharing their username and password with others. When Squid detects the same username from multiple IP addresses, it forces the user to reauthenticate by denying the request.

This feature is disabled by default (0 seconds). If your users normally have the same IP address (e.g., static addressing or DHCP with long leases), you can set authenticate_ip_ttl to a large value such as 1 hour. However, if your users are on dial-up connections, they may be more likely to change IP addresses within a short period of time. To make their lives easier, use a small authenticate_ip_ttl value, such as 1 minute.

Syntax

authenticate_ip_ttl time-specification

Default

authenticate_ip_ttl 0 seconds

Example

authenticate_ip_ttl 1 minute

Related

auth_param



    Appendix A. Config File Reference