we are going to learn to put authentication in squid proxy server. Each user will have to give a valid username and password in order to use the proxy server.
We will configure authentication using the NCSA module.
NOTE: I assume that you have got squid server already configured and running. (Please read How to configure squid proxy server)
1) Create a NCSA password file using to store usernames and password for basic authentication.
[root@client ~]# touch /etc/squid/password/etc/squid/password is blank file, you can change its name and location as per your need.
2) Next, we can add users using the htpasswd command:
[root@server ~]# htpasswd /etc/squid/password sam New password: Re-type new password: Adding password for user sam [root@server ~]#/etc/squid/password will now have the authentication details for user sam, similarly we can add more users in same file.
3) Now open the squid configuration file /etc/squid/squid.conf and insert or modify these lines (on top of every line i have written a comment stating what it does, if you don't, do not write them) :
[root@server ~]# vi /etc/squid/squid.conf #This line defines the file holding the authentication details and also the program to check those details auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password #Define the maximum number of child process to spawn for authentication auth_param basic children 5 #user will see this message "Squid proxy-caching web server" in authentication box auth_param basic realm Squid proxy-caching web server #time to live after a successful authentication auth_param basic credentialsttl 2 hours #to make username case insensitive auth_param basic casesensitive off4) Now, add the following ACL in the same file in acl section and also allow this ACL:
#this rule will match and allow all the users having a successful authentication acl valid_users proxy_auth REQUIRED http_access allow valid_usersSave and exit the file.
5) Restart the squid service
[root@server ~]# service squid restart6) Thats it, Now configure your browser to use this proxy and try to open any webpage, the authentication box will pop up.
No comments:
Post a Comment