Squid with basic access and authentication

    Squid documentation

package: squid

daemon : /usr/sbin/squid

script : /etc/init.d/squid

port : 3128/tcp(squid) 3130/udp(icpv2)

configuration : /etc/squid/squid.conf

logs : /var/log/squid/

yum install squid*

rpm -qa squid

squid-3.1.10-1.el6_2.1.i686

                    // provide basic access to my network

vim /etc/squid/squid.conf

cache_mem 8 MB

cache_dir ufs /var/spool/squid 100 16 256

acl mynetwork src 192.168.0.0/24

http_access allow mynetwork

               // squid using authentication

various ways to use authentication:

NCSA

LDAP

MSNT

PAM

SMB

SASL

NTLM

configuration with NCSA

step-1: create user

htpasswd -c /etc/squid/passwd user1

chmod o+r /etc/squid/passwd

step-2: locate ncsa_auth authentication helper

rpm -ql squid | grep ncsa_auth

/usr/lib/squid/ncsa_auth

/usr/share/man/man8/ncsa_auth.8.gz

step-3: configure in squid.conf file

vim /etc/squid/squid.conf

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd

auth_param basic realm Proxy

auth_param basic children 5

auth_param basic credentialsttl 2 hours

acl ncsa_user proxy_auth REQUIRED

http_access allow ncsa_user

                //squid with time

acl aclname time     [day-abbrevs]  [h1:m1-h2:m2]

         day-abbrevs:

             S – Sunday

             M – Monday

             T – Tuesday

             W – Wednesday

             H – Thursday

             F – Friday

             A – Saturday

acl working time MTWHF 08:00-17:00

http_access allow working

                // block any site

acl fb url_regex http://www.facebook.com

http_access deny fb

       // block any file with extension exe, mp3, avi, 3gp

 method : 1

acl download urlpath_regex -i "/etc/squid/download.acl"

http_access deny download

vim /etc/squid/download.acl

\.exe$

\.mp3$

\.avi$

\.3gp$

 method : 2 based on MIME type – pattern matching on the Content-Type header of the reply (downloaded content)

First take the content type from /etc/squid/mime.conf; in this example it is video/flv.

acl mime rep_mime_type video/flv

http_reply_access deny mime
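
Squid checks http_access lines from top to bottom and stops at the first line that matches, so the position of each snippet above in squid.conf decides whether it ever takes effect. The Python model below is an added example, not part of the original post or of Squid itself; it replays constructed requests against the page's ACLs, and the two combined rule orders (PAGE_ORDER, DENY_FIRST) and the helper names are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

def urlpath(url):
    # Squid's urlpath_regex sees the path plus any query string.
    u = urlsplit(url)
    return u.path + ("?" + u.query if u.query else "")

EXT = [r"\.exe$", r"\.mp3$", r"\.avi$", r"\.3gp$"]   # download.acl from the page
NET = ipaddress.ip_network("192.168.0.0/24")

# ACL names and values from the page; "all" is Squid's built-in match-everything ACL.
ACLS = {
    "all":       lambda r: True,
    "mynetwork": lambda r: ipaddress.ip_address(r["src"]) in NET,
    "ncsa_user": lambda r: r["user"] is not None,            # proxy_auth REQUIRED
    "working":   lambda r: r["day"] in "MTWHF" and "08:00" <= r["time"] <= "17:00",
    "fb":        lambda r: re.search(r"http://www.facebook.com", r["url"]) is not None,
    "download":  lambda r: any(re.search(p, urlpath(r["url"]), re.I) for p in EXT),
}

def decide(rules, req):
    """Return the action of the first http_access line whose ACLs all match."""
    for action, names in rules:
        for name in names:
            if name == "ncsa_user" and req["user"] is None:
                return "challenge"        # Squid replies 407 and asks for credentials
            if not ACLS[name](req):
                break
        else:
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Assumption: every http_access line on the page, in the order the page lists them.
PAGE_ORDER = [("allow", ["mynetwork"]), ("allow", ["ncsa_user"]), ("allow", ["working"]),
              ("deny", ["fb"]), ("deny", ["download"])]
# Assumed reordering: denies first, then one allow line combining the three conditions.
DENY_FIRST = [("deny", ["fb"]), ("deny", ["download"]),
              ("allow", ["mynetwork", "working", "ncsa_user"]), ("deny", ["all"])]

def req(src, user, day, time, url):       # builds a constructed sample request
    return {"src": src, "user": user, "day": day, "time": time, "url": url}

if __name__ == "__main__":
    for r in (req("192.168.0.10", None, "S", "23:00", "http://www.facebook.com/"),
              req("192.168.0.10", "user1", "M", "10:00", "http://example.com/")):
        print(r["url"], decide(PAGE_ORDER, r), decide(DENY_FIRST, r))
```

With the page's order, a client in 192.168.0.0/24 is allowed by the first line, so the authentication, time and deny rules are never consulted for it.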

About bpn4it

Feel Free in Linux. Bipin Patel bpn4it@gmail.com Ahmadabad, Gujarat, India