Configuring proxy authentication for squid

From Notes_Wiki
Revision as of 09:41, 8 November 2012 by Saurabh (talk | contribs) (Created page with "=Configuring proxy authentication for squid= ==Enabling proxy authentication using custom plugin== We can configure a program for basic authentication using lines like: <pre...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Configuring proxy authentication for squid

Enabling proxy authentication using custom plugin

We can configure a program for basic authentication using lines like:

auth_param basic program /usr/lib64/squid/squid_auth_using_pop3/squid_auth_using_pop3
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

Now we can use acl proxy_authentication like 'acl proxy_authentication proxy_auth'

After this whenever proxy encounters this acl proxy authentication would be forced. Note that we want to enable proxy authentication for all users then we can use

    http_access allow proxy_authentication

But if we want it to be enabled only in combination with other ACL like source address then we can use

    acl hostel_wireless_users src 172.17.0.0/16 172.16.0.0/16
    http_access allow hostel_wireless_users proxy_authentication

Here order of acls, that is first hostel_wireless_users and then proxy_authentication is very important, so that only for hostel_wireless_users proxy_authentication is enforced. If we reverse the order and try

    http_access allow proxy_authentication hostel_wireless_users

then squid will end up trying proxy_authentication for all users and later on will see if users are hostel_wireless_users or not which wont serve the purpose of selective authentication.

Hence ACLs are tried in the order in which they are given. This can be used to optimize ACLs so that rule which is more likely to fail is given higher preference.