FreeBSD 6.2 + Squid 2.6: setting up a "Squid proxy + authentication for Internet users" server

Source: Internet
Author: User
Set up a proxy server that serves Internet users. The port is still 3128, and Squid's authentication function is added so that the service is provided only to users you trust. The setup process is basically the same as for a proxy serving intranet users; the differences are in how Squid is compiled and installed and in the squid.conf configuration file. The server built here keeps providing the Squid service to intranet users (with no authentication restriction) while adding Squid + authentication for Internet users. Version: FreeBSD 6.2-RELEASE + Squid 2.6-STABLE12.
Server and network information:

Internet NIC: em0; Internet IP address: 221.6.117.50/255.255.255.240
Intranet NIC: em1; intranet IP address: 128.0.0.4/255.255.252.0

Setup process:
I. FreeBSD installation
1. Minimal installation of FreeBSD 6.2-RELEASE
2. Configure the kernel:
jiulongproxynew# cd /usr/src/sys/i386/conf
jiulongproxynew# cp GENERIC funpower
jiulongproxynew# ee funpower

Edit the kernel configuration file and put a # in front of the options you do not need (such as unused NIC drivers). Then press ESC, choose a to save and exit, and run:
jiulongproxynew# /usr/sbin/config funpower
jiulongproxynew# cd ../compile/funpower
jiulongproxynew# make cleandepend
jiulongproxynew# make depend
jiulongproxynew# make
jiulongproxynew# make install

3. Configure /etc/rc.conf:

hostname="jiulongproxynew.jscpu.com"
defaultrouter="221.6.117.97"
ifconfig_em0="inet 221.6.117.50 netmask 255.255.255.240"
ifconfig_em1="inet 128.0.0.4 netmask 255.255.252.0"
sendmail_enable="NONE"
inetd_enable="yes"
linux_enable="yes"
sshd_enable="yes"
usbd_enable="yes"

4. Configure resolv.conf:
jiulongproxynew# cd /etc
jiulongproxynew# ee resolv.conf

Add the following two lines:

nameserver 221.6.96.177
nameserver 221.6.96.178

5. Restart the server
II. Squid installation
1. Install Perl to support Squid:
jiulongproxynew# cd /usr/ports/lang/perl5
jiulongproxynew# make install

2. Install Apache. Its password management program, htpasswd, is used to manage the passwords that Squid checks when it authenticates users:
jiulongproxynew# cd /usr/ports/www/apache13
jiulongproxynew# make install

3. Download and install Squid
Download squid-2.6.STABLE16.tar.gz from http://www.squid-cache.org/Versions/v2/2.6/, upload it to the server directory /home/funpower via FTP, then unpack and install it:
jiulongproxynew# cd /home/funpower
jiulongproxynew# tar zxvf squid-2.6.STABLE16.tar.gz
jiulongproxynew# cd squid-2.6.STABLE16
jiulongproxynew# ./configure --prefix=/usr/local/squid --enable-auth="basic" --enable-basic-auth-helpers="NCSA"
jiulongproxynew# make
jiulongproxynew# make install

3. Configure Squid and create an authenticated user and password
Copy ncsa_auth to the executable directory /usr/sbin:
jiulongproxynew# cd /home/funpower/squid-2.6.STABLE16
jiulongproxynew# cd helpers/basic_auth/NCSA/
jiulongproxynew# cp ncsa_auth /usr/sbin

Create the Squid authentication user www:
jiulongproxynew# /usr/local/bin/htpasswd -c /usr/local/squid/etc/password www
New password:
Re-type new password:
Adding password for user www

After you enter the password for www twice, the output above indicates that the user was created successfully.
4. Configure squid.conf:
jiulongproxynew# cd /usr/local/squid/etc
jiulongproxynew# ee squid.conf

The content is as follows:

auth_param basic program /usr/sbin/ncsa_auth /usr/local/squid/etc/password
auth_param basic children 5
auth_param basic realm please enter the user name and password
auth_param basic credentialsttl 2 hours
# Definition of the intranet IP range
acl web src 128.0.0.0/22
# Definition of the Internet IP range
acl all src 0.0.0.0/0.0.0.0
# Defines the all1 ACL as requiring authentication
acl all1 proxy_auth REQUIRED
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Deny BBS
acl bbs url_regex -i bbs
http_access deny bbs
# Deny Baidu Post
acl baidupost dstdom_regex post.baidu.com
acl baidupost2 dstdomain post.baidu.com
http_access deny baidupost
http_access deny baidupost2
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Allow the intranet IP range
http_access allow web
# Allow the Internet IP range, but require authentication because the all1 ACL is added
http_access allow all all1
icp_access allow all
http_port 3128
# Also listen on port 3128 on the Internet address of the local machine
http_port 221.6.117.x:3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache_mem 64 MB
cache_dir ufs /usr/local/squid/cache 7000 16 256
access_log /dev/null
cache_log /dev/null
cache_store_log none
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mgr webmaster@jscpu.com
cache_effective_user squid
cache_effective_group squid
visible_hostname jiulongproxynew.jscpu.com
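
The order of the http_access lines above is what lets intranet clients through without a password while every other source has to authenticate. The following Python sketch is an added example, not part of the original article or of Squid; it models a subset of the rules with simplified first-match semantics, and the USERS table, sample addresses and URLs are constructed.

```python
import ipaddress

INTRANET = ipaddress.ip_network("128.0.0.0/22")      # acl web
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777}
USERS = {"www": "constructed-password"}              # stand-in for the htpasswd file

def match(name, req):
    """True/False for an ACL, or "AUTH" if proxy_auth lacks valid credentials."""
    if name == "all":
        return True
    if name == "web":
        return ipaddress.ip_address(req["src"]) in INTRANET
    if name == "bbs":                                # url_regex -i bbs
        return "bbs" in req["url"].lower()
    if name == "Safe_ports":
        return req["port"] in SAFE_PORTS or 1025 <= req["port"] <= 65535
    if name == "SSL_ports":
        return req["port"] == 443
    if name == "CONNECT":
        return req["method"] == "CONNECT"
    if name == "all1":                               # proxy_auth REQUIRED
        user, password = req.get("creds") or (None, None)
        return True if user in USERS and USERS[user] == password else "AUTH"
    raise KeyError(name)

# http_access lines in the order they appear in squid.conf (subset)
RULES = [
    ("deny", ["bbs"]),
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["web"]),
    ("allow", ["all", "all1"]),
]

def decide(req):
    """First rule whose ACLs all match wins; ACLs on one line are ANDed."""
    for action, names in RULES:
        for n in names:
            result = match(n.lstrip("!"), req)
            if result == "AUTH":
                return "407"                         # challenge for credentials
            if result == n.startswith("!"):          # this ACL does not match
                break
        else:
            return action
    return "deny"                                    # opposite of the last rule

def request(src, url="http://example.com/", port=80, method="GET", creds=None):
    return {"src": src, "url": url, "port": port, "method": method, "creds": creds}
```

On the real server these decisions leave no trace, because the configuration above sends access_log to /dev/null. Basic authentication also sends the user name and password base64-encoded, not encrypted, on every request to port 3128.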

4. Create the user and the cache:
jiulongproxynew# pw groupadd squid
jiulongproxynew# pw adduser squid -g squid -s /nonexistent
jiulongproxynew# mkdir /usr/local/squid/cache
jiulongproxynew# chown -R squid /usr/local/squid/cache
jiulongproxynew# chgrp -R squid /usr/local/squid/cache
jiulongproxynew# chown -R squid /usr/local/squid/var/logs
jiulongproxynew# chgrp -R squid /usr/local/squid/var/logs
jiulongproxynew# /usr/local/squid/sbin/squid -z
jiulongproxynew# cd /usr/local/squid/sbin
jiulongproxynew# ./squid
jiulongproxynew# ee /etc/rc.local

Add the following line:

/usr/local/squid/sbin/squid

Save and exit.
5. Restart the server
III. Client settings and demonstration
1. Intranet users
Because Squid proxy authentication is not applied to intranet users, you only need to enter the server's intranet NIC address 128.0.0.4 and port 3128 as the proxy in the IE browser. For example:
[Screenshot: 20071207091038567.gif]
2. Internet (home) users
Internet users are usually at home. To use this proxy, set the proxy server address in IE to the server's Internet NIC address 221.6.117.50; the port is still 3128. For example:
[Screenshot: 20071207091049304.gif]
After the settings are complete, open any website in IE. An authentication dialog box is displayed, as in the example below. Enter the www user and the password created earlier; if you can then access the website, the server is set up correctly.
[Screenshot: 20071207091103909.gif]
