Squid Proxy Authentication
Squid Authentication

You may run into a situation where you want users to authenticate in order to access the Internet. This provides several advantages. First, you can control when and how users access the Internet. For example, you could set it up so that users can only access the Internet during breaks and at lunch. Second, when users authenticate, you can track all of their Internet access in the logs. Without authentication, you will not have a name attached to each web page and each image that users access. This provides a good way to manage company policies for how the Internet is used. NCSA authentication is used for the example because it is the easiest to set up.

NCSA Authentication

Basic authentication is somewhat insecure but is often used. Digest authentication is more secure but more difficult to configure. The problem with NTLM is that it is proprietary. Listed below are the parameters required to set up the authentication. The realm is simply the name that will appear on the login screen, so it can describe the type of access the login provides. The auth_param directives must be defined before the proxy_auth acl in order for it to work.

    auth_param basic realm Linux Class
    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_user
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive off

Note that you must tell Squid that proxy authentication is required by defining an acl of type proxy_auth. Then list the name of that acl (class is used in this example) in an http_access allow line. The acl must be listed with the other acls that you have, and the http_access line must be listed with the other http_access lines.

    acl class proxy_auth REQUIRED
    http_access allow class

Add each user to the password file with htpasswd:

    htpasswd /etc/squid/squid_user username_you_want
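
The ordering rules above can be checked mechanically before reloading Squid. The following is an added example, not part of the original page or of Squid itself: lint_squid_auth is a hypothetical helper, and GOOD and BAD are constructed sample configurations. It also flags an allow rule placed ahead of the authenticated one, since Squid stops at the first matching http_access line.

```python
# Added example: lint squid.conf text for the proxy-auth rules described above.
# GOOD and BAD are constructed samples; lint_squid_auth is a hypothetical helper.
def lint_squid_auth(conf_text):
    """Return a list of findings about proxy authentication in a squid.conf."""
    auth_line = None   # line of the first "auth_param basic program"
    auth_acls = {}     # proxy_auth ACL name -> line where it is defined
    enforced = False   # True once an http_access rule names a proxy_auth ACL
    findings = []
    for num, raw in enumerate(conf_text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tok:
            continue
        if tok[:3] == ["auth_param", "basic", "program"]:
            auth_line = auth_line or num
        elif tok[0] == "acl" and len(tok) >= 3 and tok[2] == "proxy_auth":
            auth_acls[tok[1]] = num
            if auth_line is None:
                findings.append(f"line {num}: acl {tok[1]} uses proxy_auth before auth_param")
        elif tok[0] == "http_access" and len(tok) >= 3:
            if any(t.lstrip("!") in auth_acls for t in tok[2:]):
                enforced = True
            elif tok[1] == "allow" and not enforced:
                # Squid stops at the first matching http_access rule
                findings.append(f"line {num}: allow rule matches before any login is required")
    if auth_line is None:
        findings.append("no 'auth_param basic program' line")
    if not auth_acls:
        findings.append("no proxy_auth acl defined")
    elif not enforced:
        findings.append("proxy_auth acl is never used in http_access")
    return findings

GOOD = """\
auth_param basic realm Linux Class
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_user
acl class proxy_auth REQUIRED
http_access allow class
http_access deny all
"""
BAD = """\
acl class proxy_auth REQUIRED
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_user
http_access allow all
http_access allow class
"""
if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_squid_auth(conf) or "ok")
```

An allow rule reported ahead of the authenticated one is not always a mistake (for example, a deliberate exemption for localhost), so treat that finding as something to review.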