HTTP Digest Authentication with Squid

By | October 9, 2016

Recently, we saw how to use Squid as a reverse proxy, keeping in mind that the product's primary purpose is to act as an Internet proxy. In this guide, I want to present one of the 3 authentication methods for Squid that I use most: HTTP digest authentication. HTTP digest is an easy way to manage users through a simple text file, with the user passwords hashed with MD5. It is convenient for managing a small number of users and for keeping Squid lightweight. The authentication can be used whether you run Squid as an Internet proxy or as a reverse proxy.

When Squid is used as a reverse proxy, authentication can protect pages or directories, for example access to a sub-domain or to a page such as www.miosito.com/wp-admin. When Squid is used as an Internet proxy, we can control access to the proxy with a username and password.


Let’s see how to use this method of authentication with Squid.

We create the user with the command:

# htdigest -c /etc/squid/user_squid WEB-PROXY <username>

replacing <username> with the username that you want to insert, and WEB-PROXY with the realm we want to associate.

The “-c” option creates the file /etc/squid/user_squid. To add another user, the command to use is:

# htdigest /etc/squid/user_squid WEB-PROXY <username2>

After running the command, you will be asked to enter the password.

Once our users are created, we edit the Squid configuration file with our favorite editor:

# vim /etc/squid/squid.conf

and add the following lines at the beginning of the file:

auth_param digest program /usr/lib/squid/digest_pw_auth -c /etc/squid/user_squid
auth_param digest children 5
auth_param digest realm WEB-PROXY
# credentialsttl and casesensitive are parameters of the basic scheme
auth_param basic credentialsttl 1 minute
auth_param basic casesensitive off

Then we add the ACL:

acl users proxy_auth REQUIRED
http_access allow users

In this way we allow Internet browsing only to authenticated users. To require authentication only for certain sites, we use:

acl users proxy_auth REQUIRED
acl authurl url_regex -i "/etc/squid/authurl.txt"
http_access allow authurl users
http_access allow all

where the file /etc/squid/authurl.txt lists all the sites accessible only to users who have a username and password. This is useful, for example, to block Facebook or internal sites for everyone else and enable them only for users who have a username and password.

You can use the same configuration for a reverse proxy; in this case, put in the file authurl.txt the pages or sub-domains that we want to protect with a username and password, for example:

wp-admin
wp-login.php
phpmyadmin.miodominio.com

Once the configuration is complete, restart Squid or reload the configuration with the command:

# squid -k reconfigure

Now all that is left is to view the Squid logs and verify that authentication works.
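If authentication fails, the user file is the first thing to check. The following is an added example, not part of the original article or of Squid: it shows that each line written by htdigest is user:realm:MD5(user:realm:password), so the realm given to htdigest must equal the one in auth_param digest realm, and that the stored hash alone is enough to compute a valid digest response, which is why /etc/squid/user_squid should be readable only by Squid. The function names and the sample entries are constructed for illustration.

```python
import hashlib
import re

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()

def ha1(user: str, realm: str, password: str) -> str:
    """Third field of an htdigest line: MD5(user:realm:password)."""
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(stored_ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response for qop=auth, computed from the stored hash alone."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def audit_user_file(text: str, configured_realm: str) -> list:
    """Return a list of problems found in htdigest-format text."""
    problems, seen = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != 3:
            problems.append(f"line {n}: expected user:realm:hash")
            continue
        user, realm, digest = parts
        if realm != configured_realm:
            # Hash was built with another realm: this user can never log in
            problems.append(f"line {n}: realm {realm!r} != {configured_realm!r}")
        if not re.fullmatch(r"[0-9a-f]{32}", digest):
            problems.append(f"line {n}: third field is not an MD5 hex digest")
        if (user, realm) in seen:
            problems.append(f"line {n}: duplicate entry for {user!r}")
        seen.add((user, realm))
    return problems

# Constructed sample file: one valid entry, one wrong realm, one plaintext field
SAMPLE = "\n".join([
    f"alice:WEB-PROXY:{ha1('alice', 'WEB-PROXY', 'constructed-pw')}",
    f"bob:OLD-REALM:{ha1('bob', 'OLD-REALM', 'constructed-pw')}",
    "carol:WEB-PROXY:plaintext-password",
])

if __name__ == "__main__":
    for problem in audit_user_file(SAMPLE, "WEB-PROXY"):
        print(problem)
```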

Next time we will see how to use users stored in a MySQL database with Squid.