Recently, we have seen how to use Squid as a Reverse Proxy, knowing that the primary objective of the product is to be used as a proxy internet. In this guide, I want to offer one of 3 different authentication for Squid I use most: http digest authentication. http digest is an easy way to manage the users through a simple text file and user passwords, Cryptate in MD5. Convenient for the management of a few utilities and to be lighter Squid. The authentication can be used whether you are using Squid as a Proxy Internet both as a Reverse Proxy.
If we use Squid as Reverse Proxy could be used to protect pages or directories through authentication, for example to protect the access to a sub-domain, such as a page www.miosito.com / wp-admin etc.. While if we use Squid Proxy Internet as we can manage access to the proxy username and password.
Let’s see how to use this method of authentication with Squid.
# htdigest -c /etc/squid/user_squid WEB-PROXY <username>
replacing <username> with the username that you want to insert, and WEB-PROXY with the realm we want to associate.
option “-c” create /etc/squid/user_squid. If we want to add another user the command to use is:
# htdigest /etc/squid/user_squid WEB-PROXY <username2>
ran the command you will be asked to enter the password.
created our users, we modify the Squid configuration file with your favorite editor:
# vim /etc/squid/squid.conf
and add at the beginning of the file, the lines:
auth_param digest program /usr/lib/squid/digest_pw_auth -c /etc/squid/user_squid auth_param digest children 5 auth_param digest realm WEB-PROXY uth_param basic credentialsttl 1 minute auth_param basic casesensitive off
we add acl:
acl users proxy_auth REQUIRED
http_access allow uesrs
in this way we will enable all internet browsing only to authenticated users. While some sites only authenticate if we use
acl users proxy_auth REQUIRED
acl authurl url_regex -i "/etc/squid/authurl.txt"
http_access allow authurl users
http_access allow all
where we put in the file /etc/squid/authurl.txt all sites accessible to users who have a username and password. Useful for example, to block facebook or internal sites in all vision and enable only those users who have user password.
You can use the same configuration for Reverse Proxy, in this case the file authurl.txt insert pages or sub-domains that we want to protect with a username and password, for example:
wp-admin
wp-login.php
phpmyadmin.miodominio.com
completed our configuration squid restart or reload the configuration with the command:
# squid -k reconfigure
Now there is nothing left to view the logs of squid and verify that the authentication functions.
The next time we will see how to use utilities in mysql db with squid.