Skip to main content

IP Based Authentication

Overview

SafeSquid's Access Restriction section provides you an option to divide your users into specific user groups and use that user groups to define different set of Access Rules to that specific user groups. You want to define an access restriction to your users based on their role, then you can add the users into separate User Groups in Access Restriction section and use that User Groups to set the access rules.

For example, in my organization I have to divide users into different groups such as HR TEAM, SALES TEAM, MANAGERS, GENERAL USERS...etc.

The access policies for that groups defined as follows:

  • Full internet access to the MANAGERS
  • Only Job Portals to the HR TEAM
  • Only Marketing Related websites to SALES TEAM
  • Deny total internet to the GENERAL USERS, they are allowed to access internal websites only.
  • Deny the access to consumer google accounts to ALL GROUPS

So, I added those users or groups into separate User Groups in Access Restriction section of SafeSquid, and I used that User Groups to define the access policies mentioned same as above. You can also define the access policies based on user's network IP addresses.

Prerequisites

You must have integrated LDAP setup, if you want to create user groups based on LDAP users.

Setup Guide

Access the SafeSquid User interface

clicking on configure in safesquid interface

Go to Access restrictions

Go to configure page from SafeSquid WebGUI and open Access Restrictions section which is under Application Setup side menu.

Going to access restrictions section under application setup

Go to Allow list

To create new policy, go to Allow list subsection.

clicking on allow list

Create New Policy

Click on Add New icon situated on bottom left corner to create new policy.

clicking on add new to add a new entry

Enter your IP address inside IP Address field. You can also specify comma separated lP address or range of IPs.

giving your IP address in the IP address field. you can mention one or more ip addresses by separating them by commas

You need to specify unique User-Group name inside Add to User-Groups field. Here we have specified IP BASED AUTHENTICATION in Add to User-Groups field.

giving the appropriate user group

Testing

To test the scenario, try to access any website from your mentioned IP address (here 192.168.0.10). You will get authentication prompt. You have to specify Username and Password of your Linux machine.

Further in your policy if you mention Username and Password in the field, then only this user will be allowed to access the web.