Howto: Squid proxy authentication in Ubuntu
I’ve set up a squid proxy server again. This time in my acl I defined my work address, and added it to the http_access allow:
acl work src ip.add.res.ss #Work ip
and
http_access allow work
However, as I’m not the only person at my work that could benefit from a “cache-server”, I’ve decided that maybe I’d like to allow other people to use this server, as well as use it from other locations. So I decided to set up some sort of authorization module.
You need to use proxy_auth ACLs to configure the ncsa_auth module. Browsers send the user’s authentication credentials in the Authorization request header. If Squid gets a request and the http_access rule list gets to a proxy_auth ACL, Squid looks for the Authorization header. If the header is present, Squid decodes it and extracts a username and password.
Squid does not start with password authentication turned on; in squid.conf you will see many commented-out lines that will help you enable authentication. I went with the basic/NCSA style of authentication using a user/password request.
Configure an NCSA-style username and password authentication
Step # 1: Create a username/password
# sudo htpasswd -c /etc/squid/passwd username
New password:
Re-type new password:
Adding password for user user1
Make sure squid can read passwd file:
# sudo chmod o+r /etc/squid/passwd
Step # 2: Locate ncsa_auth authentication helper
By default (I’m using Ubuntu 8.04) the location of ncsa_auth is found in this fashion:
# dpkg -L squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
Step # 3: Configure ncsa_auth for squid proxy authentication
# sudo vim /etc/squid/squid.conf
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 50
auth_param basic realm Whatever you'd like:
auth_param basic credentialsttl 8 hours
auth_param basic casesensitive off
Also find the ACL section and append/modify:
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
Restart squid:
# sudo /etc/init.d/squid restart
Now users will be prompted for username and password.
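A simplified model of the exchange described above, added here as an example and not taken from the original post or from Squid's source: it decodes a Basic credential the way the post describes, applies the "casesensitive off" setting, and answers OK or ERR like an NCSA-style helper. The function names, the sample user and the {SHA} hash format are assumptions chosen so it runs with the Python standard library alone.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote


def sha_entry(password):
    """Constructed stand-in for a password-file hash ({SHA} + base64 SHA-1)."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


# Constructed sample password file: user -> stored hash.
PASSWD = {"user1": sha_entry("s3cret:pw")}


def decode_basic(header_value):
    """Return (user, password) from 'Basic <base64>', or None if malformed."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # Base64 is an encoding, not encryption: no secret is needed here.
        text = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = text.partition(":")  # only the first ':' splits
    return (user, password) if sep and user else None


def helper_line(user, password, casesensitive=False):
    """Request line for the helper: URL-escaped 'user password'."""
    if not casesensitive:  # models 'auth_param basic casesensitive off'
        user = user.lower()
    return quote(user, safe="") + " " + quote(password, safe="")


def helper_reply(line, entries):
    """Stand-in for the helper's answer to one request line: OK or ERR."""
    parts = line.split(" ")
    if len(parts) != 2:
        return "ERR"
    user, password = unquote(parts[0]), unquote(parts[1])
    stored = entries.get(user, "")
    return "OK" if hmac.compare_digest(stored, sha_entry(password)) else "ERR"
```

Because the credential is only base64-encoded, the link between the browser and the proxy is what has to protect the password in transit.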
Posted on July 7th, 2009 by MianoSM