Thursday, November 24, 2011

Squid Basic Auth

Back up your existing squid.conf.

Add or uncomment the following lines in your squid.conf:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd

#auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd <- 64bit Linux

The ncsa_auth program is installed along with Squid on Red Hat flavours, under /usr/lib/squid/. "/etc/squid/squid_passwd" is the name of the file where all the passwords will be kept. You can change this to point to wherever you want in the file system.

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off


The first line below defines an ACL named "authenticated_user".
The second line defines the networks in the LAN. This should be changed according to your setup. (I just copied it over from the default squid configuration :-) )
The third line allows HTTP access through the proxy for authenticated connections coming from the specified networks.
acl authenticated_user proxy_auth REQUIRED
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks authenticated_user

Once you have made the above changes to squid.conf, you have to create the usernames and passwords in the specified file (/etc/squid/squid_passwd in this example).

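For that, run the following. htpasswd prompts for the password; giving the password as an argument only works with the -b option, which leaves it visible in the process list and shell history.
htpasswd -c /etc/squid/squid_passwd username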

After adding the first user in the above way, add further users without -c (which would recreate the file):
htpasswd /etc/squid/squid_passwd username

You can find out various parameters you can use with htpasswd from the man page.

When everything is done, simply restart the squid service.
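
Squid checks http_access rules from top to bottom and applies the first one that matches, so where the new http_access line sits in squid.conf decides whether authentication is actually enforced. The check below is an added example, not part of the original post: the `localnet` rule in the sample and the function names are assumptions made for illustration, and only CIDR values in `src` ACLs are handled.

```python
import ipaddress

# Constructed sample: the page's lines appended after a broader allow rule.
# The "localnet" ACL and its rule are assumptions, not part of the post.
SAMPLE_CONF = """\
acl localnet src 192.168.0.0/16
http_access allow localnet
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
acl authenticated_user proxy_auth REQUIRED
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks authenticated_user
http_access deny all
"""

def parse(conf):
    """Return ({acl name: (type, values)}, [(action, acl names)]) in file order."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 3 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def src_nets(acls, names):
    """Networks of the src ACLs on one rule; None means any client address."""
    nets = [ipaddress.ip_network(v, strict=False) for n in names
            if acls.get(n, ("",))[0] == "src" for v in acls[n][1]]
    return nets or None

def auth_bypasses(conf):
    """Allow rules without proxy_auth that match before an authenticated rule."""
    acls, rules = parse(conf)
    def is_auth(names):
        return any(acls.get(n, ("",))[0] == "proxy_auth" for n in names)
    findings = []
    for i, (action, names) in enumerate(rules):
        if action != "allow" or not is_auth(names):
            continue
        wanted = src_nets(acls, names)
        for prev_action, prev in rules[:i]:
            if prev_action != "allow" or is_auth(prev):
                continue
            nets = src_nets(acls, prev)
            if not nets or not wanted or any(a.overlaps(b) for a in nets for b in wanted):
                findings.append("http_access allow " + " ".join(prev))
    return findings

if __name__ == "__main__":
    for rule in auth_bypasses(SAMPLE_CONF):
        print("matches before authentication is required:", rule)
```

Any rule it reports should be removed or moved below the authenticated rule before the restart.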
