Configuring proxy authentication for squid
Configuring proxy authentication for squid
Enabling proxy authentication using custom plugin
We can configure a program for basic authentication using lines like:
auth_param basic program /usr/lib64/squid/squid_auth_using_pop3/squid_auth_using_pop3 auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours
Now we can use acl proxy_authentication like 'acl proxy_authentication proxy_auth'
After this whenever proxy encounters this acl proxy authentication would be forced. Note that we want to enable proxy authentication for all users then we can use
http_access allow proxy_authentication
But if we want it to be enabled only in combination with other ACL like source address then we can use
acl hostel_wireless_users src 172.17.0.0/16 172.16.0.0/16 http_access allow hostel_wireless_users proxy_authentication
Here order of acls, that is first hostel_wireless_users and then proxy_authentication is very important, so that only for hostel_wireless_users proxy_authentication is enforced. If we reverse the order and try
http_access allow proxy_authentication hostel_wireless_users
then squid will end up trying proxy_authentication for all users and later on will see if users are hostel_wireless_users or not which wont serve the purpose of selective authentication.
Hence ACLs are tried in the order in which they are given. This can be used to optimize ACLs so that rule which is more likely to fail is given higher preference.