Difference between revisions of "Configuring proxy authentication for squid"
Latest revision as of 10:13, 14 July 2022
Enabling proxy authentication using ldap
Refer to Squid proxy authentication using ldap
Enabling proxy authentication using custom plugin
Authentication program
Squid authentication requires a custom program that reads "username password" lines from standard input in an endless loop. The program should print OK if authentication is successful, or ERR followed by an optional error message if authentication fails. Once such a program is available, custom authentication can be set up as explained in the following sub-section.
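A helper that follows the protocol described above, as an added example that is not part of the original page. The user store, salts and PBKDF2 work factor are constructed for illustration, helper concurrency is assumed to be off (no channel ID field), and the URL-decoding step reflects that Squid URL-encodes the username and password it passes to basic-auth helpers:

```python
#!/usr/bin/env python3
"""Squid basic-auth helper sketch: reads "username password" lines, answers OK/ERR."""
import hashlib
import hmac
import sys
from urllib.parse import unquote

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this example)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed sample user store: username -> (salt, PBKDF2 hash).
# A real helper would load this from a root-only file or query a backend.
USERS = {"alice": (b"constructed-salt", hash_password("s3cret pass", b"constructed-salt"))}
# Dummy entry so unknown users cost the same hashing work as known ones.
DUMMY = (b"dummy-salt", hash_password("dummy", b"dummy-salt"))


def check_line(line: str) -> str:
    """Return the reply Squid expects for one request line."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 2 or not all(parts):
        return "ERR malformed request"
    # Squid URL-encodes both fields, so a space in a password arrives as %20.
    username, password = unquote(parts[0]), unquote(parts[1])
    salt, expected = USERS.get(username, DUMMY)
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    if matches and username in USERS:
        return "OK"
    return "ERR invalid credentials"


def main() -> None:
    # Endless loop: Squid keeps the helper running and closes stdin to stop it.
    for line in sys.stdin:
        sys.stdout.write(check_line(line) + "\n")
        sys.stdout.flush()  # Squid waits for each reply; never leave it buffered


if __name__ == "__main__":
    main()
```

The helper returns the same ERR text for an unknown user and a wrong password, so its replies do not reveal which usernames exist.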
Authentication configuration
We can configure a program for basic authentication using lines like:
auth_param basic program /usr/lib64/squid/squid_auth_using_pop3/squid_auth_using_pop3
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
Now we can define an ACL named proxy_authentication of type proxy_auth, like 'acl proxy_authentication proxy_auth REQUIRED' (REQUIRED matches any user who authenticates successfully).
After this, whenever the proxy encounters this ACL, proxy authentication is forced. Note that if we want to enable proxy authentication for all users, then we can use
http_access allow proxy_authentication
But if we want it to be enabled only in combination with another ACL, such as a source address, then we can use
acl hostel_wireless_users src 172.17.0.0/16 172.16.0.0/16
http_access allow hostel_wireless_users proxy_authentication
Here the order of the ACLs, first hostel_wireless_users and then proxy_authentication, is very important: it ensures that proxy_authentication is enforced only for hostel_wireless_users. If we reverse the order and try
http_access allow proxy_authentication hostel_wireless_users
then Squid will end up trying proxy_authentication for all users and only later check whether the users are hostel_wireless_users, which won't serve the purpose of selective authentication.
Hence ACLs are tried in the order in which they are given. This can be used to optimize ACLs so that the rule which is more likely to fail is given higher preference by placing it first.