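Configuring Squid 3.1.23 with web authentication on CentOS
Environment:
CentOS 6.4 x64
Squid 3.1.23
Squid is still a popular web proxy server today. It has a long history and, beyond being a veteran, it is feature-complete and runs on almost every platform... On a whim, I set out to explore Digest authentication, one of its auth modules (Squid supports many authentication modules, such as NCSA, LDAP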
I. Platform preparation
1. Install the system
2. Disable iptables and SELinux
3. Add the gcc, make, wget, perl and related packages
4. useradd -M squid -s /sbin/nologin -c "Squid user"   # add the squid user
II. Install Squid
wget http://sourceforge.jp/projects/sfnet_brazilfw/downloads/3.x/source/pool/squid-3.1.23.tar.bz2
tar xjf squid-3.1.23.tar.bz2
cd squid-3.1.23
./configure --prefix=/usr/local/squid \
--enable-async-io \
--enable-removal-policies=heap,lru \
--enable-default-err-languages="Simplify_Chinese" \
--enable-err-languages="Simplify_Chinese English" \
--enable-epoll \
--disable-http-violations \
--with-large-files \
--enable-auth="digest" \
--enable-digest-auth-helpers="password" \
--with-default-user=squid
make && make install   # if no Error is reported along the way, the installation is complete
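III. Configure Squid
chown -R squid /usr/local/squid
vi /usr/local/squid/etc/squid.conf   # add the following:
# Authentication type and helper. With -c the helper expects hashed passwords (HA1) in the given file (/usr/local/squid/digest.passwd); without it the file holds plaintext passwords
auth_param digest program /usr/local/squid/libexec/digest_pw_auth -c /usr/local/squid/digest.passwd
# Number of helper processes, default 5
auth_param digest children 8
# Authentication realm name
auth_param digest realm vqiu
# How often the nonce cache is cleaned, default 5 minutes
auth_param digest nonce_garbage_interval 5 minutes
# Maximum lifetime of a nonce between the client and Squid; after that the client must authenticate again
auth_param digest nonce_max_duration 30 minutes
# A nonce may be used for 50 requests
auth_param digest nonce_max_count 50
# Number of IP addresses one account may be used from
acl FOO max_user_ip 1
# Authenticated clients
acl know_cli proxy_auth REQUIRED
# Deny an account that is in use from more than one IP (max_user_ip matches once the limit is exceeded)
http_access deny FOO
# Allow authenticated clients
http_access allow know_cli
# Host name; any name will do
visible_hostname squid_server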
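IV. Add an account
Create a script with the following content:
#!/bin/bash
user=$1
pass=$2
realm=$3   # must match auth_param digest realm XXX in the conf file
if [ -z "$1" -o -z "$2" -o -z "$3" ] ; then
echo "Usage: $0 user password 'realm'";
exit 1
fi
# HA1 = MD5(user:realm:password); printf avoids a trailing newline in the hashed string
ha1=$(printf '%s' "$user:$realm:$pass" | md5sum | cut -f1 -d' ')
echo "$user:$realm:$ha1" >> /usr/local/squid/digest.passwd
Format for creating a user: sh shell_script username password realm (vqiu in this example)
Example: add a user whose user name and password are both test --- sh script_name test test vqiu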
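V. Start the Squid service
Add the two directories /usr/local/squid/bin and /usr/local/squid/sbin to the PATH variable.
squid -k check   or   squid -k parse   # check the squid configuration file for errors
squid -zX   # initialize squid
squid -s   # start the service in the background
The service started successfully.
VI. Configure the client
Open the Internet Explorer options and set the proxy.
Enter a URL; the following window pops up. Fill in the user that was added.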
Set up Basic Authentication so that Squid requires users to authenticate.
[1] Install a package which includes htpasswd.
yum -y install httpd-tools
[2] Configure Squid to set Basic Auth.
vi /etc/squid/squid.conf
acl CONNECT method CONNECT
# line 26: add the following for Basic Auth
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.htpasswd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 5 hours
acl password proxy_auth REQUIRED
http_access allow password
# add a user: create a new file with "-c" (add the "-c" option only for the initial registration)
htpasswd -c /etc/squid/.htpasswd cent
New password:     # set password
Re-type new password:     # confirm
Adding password for user cent
systemctl restart squid