`

squid server

阅读更多

For fine control you may need to use Squid proxy server authentication. This will only allow authorized users to use proxy server.

You need to use proxy_auth ACLs to configure ncsa_auth module. Browsers send the user's authentication in the Authorization request header. If Squid gets a request and the http_access rule list gets to a proxy_auth ACL, Squid looks for the Authorization header. If the header is present, Squid decodes it and extracts a username and password.

However squid is not equipped with password authentication. You need to take help of authentication helpers. Following are included by default in most squid and most Linux distros:
=> NCSA: Uses an NCSA-style username and password file.
=> LDAP: Uses the Lightweight Directory Access Protocol
=> MSNT: Uses a Windows NT authentication domain.
=> PAM: Uses the Linux Pluggable Authentication Modules scheme.
=> SMB: Uses a SMB server like Windows NT or Samba.
=> getpwam: Uses the old-fashioned Unix password file.
=> SASL: Uses SALS libraries.
=> NTLM, Negotiate and Digest authentication

Configure an NCSA-style username and password authentication

I am going to assume that squid is installed and working fine.

Tip: Before going further, test basic Squid functionality. Make sure squid is functioning without requiring authorization :)

Step # 1: Create a username/password

First create a NCSA password file using htpasswd command. htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of squid users.
# htpasswd /etc/squid/passwd user1
Output:

New password:
Re-type new password:
Adding password for user user1

Make sure squid can read passwd file:
# chmod o+r /etc/squid/passwd

Step # 2: Locate nsca_auth authentication helper

Usually nsca_auth is located at /usr/lib/squid/ncsa_auth. You can find out location using rpm (Redhat,CentOS,Fedora) or dpkg (Debian and Ubuntu) command:
# dpkg -L squid | grep ncsa_auth
Output:

/usr/lib/squid/ncsa_auth

If you are using RHEL/CentOS/Fedora Core or RPM based distro try:
# rpm -ql squid | grep ncsa_auth
Output:

/usr/lib/squid/ncsa_auth

Step # 3: Configure nsca_auth for squid proxy authentication

Now open /etc/squid/squid.conf file
# vi /etc/squid/squid.conf
Append (or modify) following configration directive:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

Also find out your ACL section and append/modify
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

Save and close the file.

Where,

  • auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd : Specify squid password file and helper program location
  • auth_param basic children 5 : The number of authenticator processes to spawn.
  • auth_param basic realm Squid proxy-caching web server : Part of the text the user will see when prompted their username and password
  • auth_param basic credentialsttl 2 hours : Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user with password prompt. It is set to 2 hours.
  • auth_param basic casesensitive off : Specifies if usernames are case sensitive. It can be on or off only
  • acl ncsa_users proxy_auth REQUIRED : The REQURIED term means that any authenticated user will match the ACL named ncsa_users
  • http_access allow ncsa_users : Allow proxy access only if user is successfully authenticated.

Restart squid:
# /etc/init.d/squid restart

分享到:
评论

相关推荐

    proxyServer squid / varnish / apache traffic server / ATS

    proxyServer squid / varnish / apache traffic server / ATS 这篇博文讨论了代理服务器的基本概念,并重点介绍了Squid、Varnish和Apache Traffic Server(ATS)这三种流行的代理缓存服务器软件。下面将详细阐述这些...

    NAT+Squid配置

    在IT领域,NAT(网络地址转换)与Squid(一种代理服务器)的结合配置是一种常见的技术手段,用于提供内部网络对互联网的访问控制、流量管理以及安全性增强。以下是对这一主题的深入探讨,包括NAT与Squid的基本概念、...

    linux下squid的安装,配置,卸载及SNMP的安装配置

    visible_hostname ProxyServer cache_mgr yangfeng@aspire-tech.com cache_mem 32 MB cache_dir aufs /usr/local/squid/var/cache 25000 16 256 error_directory /usr/local/squid/share/errors/Simplify_...

    squid配置https

    cache_peer 74.125.71.84 parent 443 0 no-query originserver login=PASS name=www cache_peer_domain gmail.google.com cache_peer_domain accounts.google.com ``` - 注意事项: - 私钥文件的权限应设为 ...

    Squid 反向代理配置

    本文档详细介绍了如何在RHEL5.5和Windows Server 2003环境下配置Squid作为反向代理服务器,并通过实例演示了如何针对不同域名配置不同的代理策略。这对于希望利用Squid提高网络性能或实现负载均衡的应用场景非常有用...

    squid3.5 for windows x64

    squid3.5版 for windows 64位。经过在windows server 2008上测试好用。

    squid反向代理配置例子

    本文将详细讲解如何使用Squid进行反向代理配置,通过提供的文件名,我们可以看到有四种不同的配置场景:单站点代理、多站点代理、以及两种实现Web站点负载均衡的方法(sibling形式和常规方式)。 1. **单站点代理**...

    LVS+squid构建HA反向代理方案

    **方案一**:LVS主备+2台Squid+1或多台Real Server。两台LVS主机通过心跳检测实现VIP的自动切换,保证服务连续性。LVS使用IP TUNNEL模式进行负载均衡,Squid作为反向代理,分发请求到Real Server。 此方案的优势...

    CentOS 32位搭建squid http代理,解决TCP_MISS/503

    这里,`3128`是Squid默认的HTTP代理端口,`your_proxy_server_name`应替换为你的服务器名称,以便在客户端配置时使用。 接下来,设置访问控制。为了允许所有IP访问,可以注释掉或删除原有的`acl`和`http_access`...

    Squid Windows版架设二级代理服务器

    - 注释掉原有的一级代理配置,并添加二级代理配置:`cache_peer 192.168.1.8 parent 7001 0 no-query originserver`。 - 修改`visible_hostname`为实际主机名,例如`visible_hostname volcano`。 - 注释掉`...

    squid配置文档

    cache_peer {目标服务器 ip} parent {目标服务器端口} 0 no-query originserver weight=1 name={别名} # 映射别名和服务器 cache_peer_domain {别名} {目标服务器域名或 ip} # 设置访问权限 cache_peer_access {...

    squid 3.0的源代码,需要编译安装

    Squid是一个流行的开源代理服务器和缓存系统,广泛用于互联网内容缓存和加速,以及企业网络中的流量管理和控制。这个压缩包包含的是Squid 3.0.STABLE25版本的源代码,这意味着你需要通过编译来安装它,以便在你的...

    缓存代理服务器Squid-教程

    Squid是一个高性能的代理缓冲服务器,也许你已经用过Windows平台下的WinGate,MS Proxy Server等功能类似的产品。Squid是一个应用级代理,在保证客户端主机和服务器主机网络连通后,需要客户端软件做相应的设置后...

    Squid 中文权威指南(4)

    - **触发器类型**:某些指令接受`on`或`off`作为值,如`server_persistent_connections`指令用于控制是否启用持久连接。 ##### 2. **指令的覆盖与列表** - 指令的值可以被覆盖。例如,`connect_timeout`如果被多次...

    Practical Mod Perl

    The Squid Server and mod_perl Section 12.7. Apache's mod_proxy Module Section 12.8. mod_rewrite Examples Section 12.9. Getting the Remote Server IP in the Backend Server in the Proxy ...

Global site tag (gtag.js) - Google Analytics