Install squid, under the UB directly sudo apt-get a bit on the line, the following is the configuration phase
First, we run $ sudo htpasswd-c ~/psw username
then enter the password two times, confirmed after the generation of a name is PSW file, The login name is username
and then enters the directory/usr/lib/squid
to perform the sudo mv ~/PSW./
Copy the file to the current directory
above to generate a certification file, and so will use this file
Why is Mr. Cheng in home? Because it's always a failure (ie, sudo) to generate directly in USR catalogs, it's OK to build and replicate in the home first
Then, modify the/etc/squid/squid.conf file, mainly to modify the authentication method, where the user name/password to use proxy
that file authority authentication, is executed sequentially, so you add the following code directly to the front also line, Or find ACL authentication that section of code (on the Internet, such as the ACL safe_ports Port 80, to this convenient for you to locate, that file is too long) in the vicinity of the add, the default port is 3128, you find this number to change on the line
Auth_param basic PROGRAM/USR/LIB/SQUID/NCSA_AUTH/USR/LIB/SQUID/PSW
ACL pswnet proxy_auth REQUIRED
http_access allow Pswnet
The meaning is to use the Basic authentication method, use PSW file content as authentication
If you need an exception, such as a local IP need authentication, then put the http_access in the local authentication line of code after the following:
# only Allow Cachemgr Access from localhost
http_access allow manager localhost
http_access deny manager
# only allow purge requests From localhost
http_access allow purge localhost
http_access deny purge
If you need to restrict IP, you need to first define names and attributes with ACL directives, Then use Http_access to determine the permissions for this name, such as:
ACL baduser 192.168.0.100/32
ACL baduser 192.168.0.128/32
Http_access deny Baduser
Where, 192.168.0.100/32 means, 192.168.0.100 this address, use a gateway of 32 bits, that is, 255.255.255.255, that is, only this IP
if it is 192.168.0.0/ 24, then with the 192.168.0.0-192.168.0.255 equivalent
the previous code, the 192.168.0.100 and 192.168.0.128 two IP to ban
And if you need to control the MAC address, you can:
ACL Baduser ARP 00:01:02:1f:2c:3e
To control access to a specified Web site by others:
ACL badpage Dstdomain www.tecent.com
To control the access rights of domain segments
ACL badpage dstdomain. tecent.com
In this case, whether the front is www or BBS or news, as long as the suffix for this domain name can not access
Control download File Type:
ACL mmxfile urlpath_regex-i \.mp3$ \.avi$ \.exe$
Http_access Deny Mmxfile
Control use time:
ACL worktime time MTWHF 8:30-12:00 14:00-18:00
To control the number of concurrent connections:
ACL Conncount maxconn 3
In short, than win under what what what Agent software powerful many many, the control of the way the rights are entirely by your code, and code order to determine
Finally, run
sudo squid-k reconfigure
Make the previous modification take effect (if the service is not running before, run it directly)