- 浏览: 1320998 次
- 性别:
- 来自: 广州
文章分类
- 全部博客 (351)
- Java General (37)
- .net General (2)
- Linux Toy (55)
- Oracle (81)
- Mysql (11)
- Programer Career (12)
- Oh, my living ! (2)
- Shell Script (8)
- Web Service (0)
- Linux Server (22)
- Php/Python/Perl (3P) (2)
- Javascript General (5)
- Saleforce Apex Dev (2)
- Web General (5)
- Xen & VM tech. (17)
- PSP (13)
- OpenSolaris (34)
- php (1)
- RAI/flex/action script (16)
- asterisk/CTI (7)
- 交互设计 (6)
- English (3)
- Lucene (1)
最新评论
-
GuolinLee:
markmark
JVM调优总结 -Xms -Xmx -Xmn -Xss -
di1984HIT:
写的太好啊。
JVM调优总结 -Xms -Xmx -Xmn -Xss -
javajdbc:
javajdbc 写道
JVM调优总结 -Xms -Xmx -Xmn -Xss -
javajdbc:
...
JVM调优总结 -Xms -Xmx -Xmn -Xss -
alvin198761:
非常感谢,国外的被封杀了,你这里还有一份
How to Convert An Image-Based Guest To An LVM-Based Guest
For fine control you may need to use Squid proxy server authentication. This will only allow authorized users to use proxy server.
You need to use proxy_auth ACLs to configure ncsa_auth module. Browsers send the user's authentication in the Authorization request header. If Squid gets a request and the http_access rule list gets to a proxy_auth ACL, Squid looks for the Authorization header. If the header is present, Squid decodes it and extracts a username and password.
However squid is not equipped with password authentication. You need to take help of authentication helpers. Following are included by default in most squid and most Linux distros:
=> NCSA: Uses an NCSA-style username and password file.
=> LDAP: Uses the Lightweight Directory Access Protocol
=> MSNT: Uses a Windows NT authentication domain.
=> PAM: Uses the Linux Pluggable Authentication Modules scheme.
=> SMB: Uses a SMB server like Windows NT or Samba.
=> getpwam: Uses the old-fashioned Unix password file.
=> SASL: Uses SALS libraries.
=> NTLM, Negotiate and Digest authentication
Configure an NCSA-style username and password authentication
I am going to assume that squid is installed and working fine.
Tip: Before going further, test basic Squid functionality. Make sure squid is functioning without requiring authorization :)
Step # 1: Create a username/password
First create a NCSA password file using htpasswd command. htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of squid users.# htpasswd /etc/squid/passwd user1
Output:
New password: Re-type new password: Adding password for user user1
Make sure squid can read passwd file:# chmod o+r /etc/squid/passwd
Step # 2: Locate nsca_auth authentication helper
Usually nsca_auth is located at /usr/lib/squid/ncsa_auth. You can find out location using rpm (Redhat,CentOS,Fedora) or dpkg (Debian and Ubuntu) command:# dpkg -L squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
If you are using RHEL/CentOS/Fedora Core or RPM based distro try:# rpm -ql squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
Step # 3: Configure nsca_auth for squid proxy authentication
Now open /etc/squid/squid.conf file# vi /etc/squid/squid.conf
Append (or modify) following configration directive:auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
Also find out your ACL section and append/modifyacl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
Save and close the file.
Where,
- auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd : Specify squid password file and helper program location
- auth_param basic children 5 : The number of authenticator processes to spawn.
- auth_param basic realm Squid proxy-caching web server : Part of the text the user will see when prompted their username and password
- auth_param basic credentialsttl 2 hours : Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user with password prompt. It is set to 2 hours.
- auth_param basic casesensitive off : Specifies if usernames are case sensitive. It can be on or off only
- acl ncsa_users proxy_auth REQUIRED : The REQURIED term means that any authenticated user will match the ACL named ncsa_users
- http_access allow ncsa_users : Allow proxy access only if user is successfully authenticated.
Restart squid:# /etc/init.d/squid restart
发表评论
-
扩大虚拟机硬盘空间的方法
2010-11-18 07:53 2151虚拟机是Xen,但同样适用于KVM. 虚拟机硬盘格式为raw. ... -
挂载虚拟机镜像文件里的 LVM 逻辑分区
2010-10-08 10:52 2340如果按照 “在 CentOS ... -
apache 设置中的两个指令 EnableMMAP/EnableSendfile
2010-06-29 21:18 14036apache 中的目录为 windows 共享文件夹时,出 ... -
lvm on xen
2010-03-25 22:18 1532Moving a Xen Guest into an LVM ... -
apache 的模块安装
2010-01-23 13:18 3716Apache HTTP服务器是一个模块化的软件,管理员可以通过 ... -
redmine & ruby 在ubuntu 上的安装笔记
2009-12-05 11:07 2516edmine & ruby 在ubuntu 上的安装笔 ... -
两台linux完美实现双机热备
2009-11-12 21:39 5883一直想做基于linux的双机热备,一直没有时间和机会。一直以 ... -
windows 无盘机,更新主机名.
2009-11-11 22:03 1376同用一个镜像的无盘机,开机后更新主机名. 写个run. ... -
如何用ssh挂载远程目录
2008-10-30 11:09 1659如何用ssh挂载远程目录 ... -
How to userspace l7 filter on Ubuntu
2008-10-23 08:00 2883How to userspace l7 filter on ... -
Ubuntu 中 apache2+tomcat+mod_jk
2008-09-05 07:45 23661. 分别下载jdk和tomcat, 不建议使用源里的包,因为 ... -
Virtual Hosting With Proftpd And MySQL (Incl. Quot
2008-07-07 17:48 1807This document describes how ... -
Differences Between NFS and iSCSI
2008-06-27 09:44 1413NFS and iSCSI provide funda ... -
Ssh 无密码登录的怪问题
2008-06-23 14:21 1807今天为做Oracle RAC 做ssh的免密码登陆,出现也这个 ... -
dovecot + postfix + postfixadmin 建立mail服务器中的几个事项
2008-05-27 22:48 13739我是新手! 第一次建 ... -
在UBUNTU里安装SquirrelMail邮件服务器
2008-05-27 10:24 2587我没有在UBUNTU里安装过S ... -
查看 apache2 安装了哪些模块
2008-05-26 15:23 5335root@ubuntu-idc:/# apache2ctl - ... -
使用mod_cband管理Apache 2带宽和流量
2008-02-28 22:24 1940About the module mod_cband is ... -
Apache 1.3 基于IP限制带宽
2008-02-28 14:17 1787安装步聚: /usr/local/apache/bin/ ... -
ruby on rails应用性能优化之道
2008-01-24 11:54 3607JavaEye网站从2006年9月11 ...
相关推荐
proxyServer squid / varnish / apache traffic server / ATS 这篇博文讨论了代理服务器的基本概念,并重点介绍了Squid、Varnish和Apache Traffic Server(ATS)这三种流行的代理缓存服务器软件。下面将详细阐述这些...
在IT领域,NAT(网络地址转换)与Squid(一种代理服务器)的结合配置是一种常见的技术手段,用于提供内部网络对互联网的访问控制、流量管理以及安全性增强。以下是对这一主题的深入探讨,包括NAT与Squid的基本概念、...
visible_hostname ProxyServer cache_mgr yangfeng@aspire-tech.com cache_mem 32 MB cache_dir aufs /usr/local/squid/var/cache 25000 16 256 error_directory /usr/local/squid/share/errors/Simplify_...
cache_peer 74.125.71.84 parent 443 0 no-query originserver login=PASS name=www cache_peer_domain gmail.google.com cache_peer_domain accounts.google.com ``` - 注意事项: - 私钥文件的权限应设为 ...
本文档详细介绍了如何在RHEL5.5和Windows Server 2003环境下配置Squid作为反向代理服务器,并通过实例演示了如何针对不同域名配置不同的代理策略。这对于希望利用Squid提高网络性能或实现负载均衡的应用场景非常有用...
squid3.5版 for windows 64位。经过在windows server 2008上测试好用。
本文将详细讲解如何使用Squid进行反向代理配置,通过提供的文件名,我们可以看到有四种不同的配置场景:单站点代理、多站点代理、以及两种实现Web站点负载均衡的方法(sibling形式和常规方式)。 1. **单站点代理**...
**方案一**:LVS主备+2台Squid+1或多台Real Server。两台LVS主机通过心跳检测实现VIP的自动切换,保证服务连续性。LVS使用IP TUNNEL模式进行负载均衡,Squid作为反向代理,分发请求到Real Server。 此方案的优势...
这里,`3128`是Squid默认的HTTP代理端口,`your_proxy_server_name`应替换为你的服务器名称,以便在客户端配置时使用。 接下来,设置访问控制。为了允许所有IP访问,可以注释掉或删除原有的`acl`和`http_access`...
- 注释掉原有的一级代理配置,并添加二级代理配置:`cache_peer 192.168.1.8 parent 7001 0 no-query originserver`。 - 修改`visible_hostname`为实际主机名,例如`visible_hostname volcano`。 - 注释掉`...
cache_peer {目标服务器 ip} parent {目标服务器端口} 0 no-query originserver weight=1 name={别名} # 映射别名和服务器 cache_peer_domain {别名} {目标服务器域名或 ip} # 设置访问权限 cache_peer_access {...
Squid是一个流行的开源代理服务器和缓存系统,广泛用于互联网内容缓存和加速,以及企业网络中的流量管理和控制。这个压缩包包含的是Squid 3.0.STABLE25版本的源代码,这意味着你需要通过编译来安装它,以便在你的...
Squid是一个高性能的代理缓冲服务器,也许你已经用过Windows平台下的WinGate,MS Proxy Server等功能类似的产品。Squid是一个应用级代理,在保证客户端主机和服务器主机网络连通后,需要客户端软件做相应的设置后...
- **触发器类型**:某些指令接受`on`或`off`作为值,如`server_persistent_connections`指令用于控制是否启用持久连接。 ##### 2. **指令的覆盖与列表** - 指令的值可以被覆盖。例如,`connect_timeout`如果被多次...
The Squid Server and mod_perl Section 12.7. Apache's mod_proxy Module Section 12.8. mod_rewrite Examples Section 12.9. Getting the Remote Server IP in the Backend Server in the Proxy ...