Basic configurations of Squid Proxy Server (3)

Create an account file

To create an account file for user authentication, you can use Apache's htpasswd program to generate an account file.

File/etc/squid/passwd. Each line of the account file contains the information of a user, that is, the user name and the encrypted password.

Htpasswd-c/etc/squid/passwd wj

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/05293BT6-0.jpg "title =" User Certificate-2.jpg "alt =" 140854389.jpg"/>

Edit the Squid configuration file vim/etc/squid. conf.

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/0529361127-1.jpg "title =" User Certificate -1.jpg "alt =" 140935760.jpg"/>

Auth_param basic program/usr/lib/squid/ncsa_auth/etc/squid/passwd
Option defines the authentication method as basic, the authentication program path and the degree of authentication needs to read the account file

Auth_param basic children 5
This option defines the process of the authentication program as 5

Auth_param basic credentialsttl 2 hours
This option defines the authentication program time to 2 hours, if the user needs to use squid after 2 hours, you must re-enter the account and password

Auth_param basic realm This is a Squid porxy-caching
The auth_param basic realm option defines the domain content displayed when a user logs on, similar to the Apache membership authentication.

Acl auth_user proxy_auth REQUIRED
Http_accel allow auth_user
Define an ACL named auth_user. The ACL type is proxy_auth. Use an external program to perform user authentication. The list value is REQUIRED, and then use the http_access option to allow the list.

# The following are functional statements.
Acl noauth_user src 192.168.2.0/255.255.255.0
Auth_param basic program/usr/lib/squid/ncsa_auth/etc/squid/passwd
Auth_param basic children 5
Auth_param basic credentialsttl 2 hours
Auth_param basic realm This is a Squid proxy-caching
Acl auth_user proxy_auth REQUIRED
Http_access allow noauth_user
Http_access aloow auth_user

The above function is: as long as users from the 192.168.2.0 CIDR Block do not need to be authenticated, other users have been authenticated before they can pass the proxy server.

① Run the "/etc/init. d/squid restart" command on the server to restart the Squid service.

② Configure the IP address and port number of the proxy server in the Web browser of the client.

③ When accessing any website, the Web browser will pop up a dialog box for entering the user name and password.

④ Enter the correct user name and command to connect to the Internet.

⑤ If the user name and password are incorrect, the error message "Access denied by the Network Cache Server" appears.

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/05293614V-2.jpg "title =" User Certificate-2-1.jpg "alt =" 142449370.jpg"/>

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/0529361417-3.jpg "title =" User Authentication -3.jpg "alt =" 1425342.16.jpg"/>

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/05293620V-4.jpg "style =" float: none; "title =" User Authentication -4.jpg "alt =" 142841279.jpg"/>

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/0529364595-5.jpg "style =" float: none; "title =" User Certificate -5.jpg "alt =" 142847812.jpg"/>

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/05293A261-6.jpg "style =" float: none; "title =" User Authentication -6.jpg "alt =" 142852220.jpg"/>

This article is from the blog "life is on duty, don't seek anything". I will not repost it!