如何使用基本的用户名和密码身份验证设置鱿鱼代理? [英] How to set up a squid Proxy with basic username and password authentication?

问题描述

我目前在acl中使用ip，并且我想使用用户名和密码来完成此操作.

I currently I use ip in acl, and I want to use username and password to do this.

推荐答案

这是我在 Ubuntu 14.04 上设置基本身份验证所要做的(在其他任何地方都找不到指南)

Here's what I had to do to setup basic auth on Ubuntu 14.04 (didn't find a guide anywhere else)

/etc/squid3/squid.conf 代替超级膨胀的默认配置文件

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

# Choose the port you want. Below we set it to default 3128.
http_port 3128

请注意 basic_ncsa_auth 程序，而不是旧的 ncsa_auth

Please note the basic_ncsa_auth program instead of the old ncsa_auth

对于鱿鱼2.x，您需要编辑/etc/squid/squid.conf文件并放置:

For squid 2.x you need to edit /etc/squid/squid.conf file and place:

auth_param basic program /usr/lib/squid/digest_pw_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

设置用户

sudo htpasswd -c /etc/squid3/passwords username_you_like

然后为所选用户名输入两次密码，然后

and enter a password twice for the chosen username then

sudo service squid3 restart

乌贼2.x

sudo htpasswd -c /etc/squid/passwords username_you_like

然后为所选用户名输入两次密码，然后

and enter a password twice for the chosen username then

sudo service squid restart

htdigest与htpasswd

对于许多问我的人:这两种工具产生不同的文件格式:

htdigest vs htpasswd

For the many people that asked me: the 2 tools produce different file formats:

• htdigest以纯文本格式存储密码.
• htpasswd存储散列的密码(可用各种散列算法)

• htdigest stores the password in plain text.
• htpasswd stores the password hashed (various hashing algos are available)

尽管格式basic_ncsa_auth 存在差异，但仍然可以解析使用htdigest 生成的密码文件.因此，您可以选择使用:

Despite this difference in format basic_ncsa_auth will still be able to parse a password file generated with htdigest. Hence you can alternatively use:

sudo htdigest -c /etc/squid3/passwords realm_you_like username_you_like

请注意，此方法是经验的，未记录的并且将来的Squid版本可能不支持.

在Ubuntu 14.04上，htdigest和htpasswd都在[apache2-utils][1]软件包中提供.

On Ubuntu 14.04 htdigest and htpasswd are both available in the [apache2-utils][1] package.

与上述类似，但文件路径不同.

Similar as above applies, but file paths are different.

安装鱿鱼

brew install squid

启动鱿鱼服务

brew services start squid

乌贼配置文件存储在/usr/local/etc/squid.conf.

评论或删除以下行:

http_access allow localnet

然后类似于linux config(但具有更新的路径)添加此内容:

Then similar to linux config (but with updated paths) add this:

auth_param basic program /usr/local/Cellar/squid/4.8/libexec/basic_ncsa_auth /usr/local/etc/squid_passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

请注意，basic_ncsa_auth的路径可能有所不同，因为使用brew时，它取决于安装的版本，您可以使用ls /usr/local/Cellar/squid/进行验证.另外请注意，您应该在以下部分之后添加以上内容:

Note that path to basic_ncsa_auth may be different since it depends on installed version when using brew, you can verify this with ls /usr/local/Cellar/squid/. Also note that you should add the above just bellow the following section:

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

现在为您自己生成一个用户:密码基本身份验证凭据(注意:htpasswd和htdigest在MacOS上也都可用)

Now generate yourself a user:password basic auth credential (note: htpasswd and htdigest are also both available on MacOS)

htpasswd -c /usr/local/etc/squid_passwords username_you_like

重新启动鱿鱼服务

brew services restart squid

这篇关于如何使用基本的用户名和密码身份验证设置鱿鱼代理?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！