www.linuxexpert.ro

Tutorials

  • Home
  • BGP Tutorials
    • Remove private AS
  • cPanel Tutorials
    • Install ImageMagick on cPanel
    • Install Softaculous
  • Linux Tutorials
    • Auto-reboot Linux after kernel panic
    • Building a firewall with Iptables
    • Change array RAID 1 disk order
    • Configure ntfs-3g on Linux Slackware
    • DHCP Option Codes
    • DansGuardian with Squid and ClamAV
    • Fetchmail for Gmail accounts
    • Install Zend & APC PHP Optimizers
    • Install Atheros AR242x PCI Express Adapter
    • Install awstats with DirectAdmin
    • Install DBD::mysql via CPAN shell
    • Install DjbDNS on Ubuntu
    • Installing fail2ban on Centos 5
    • Install GoDaddy SSL Certificate
    • Install i386 packages under x86_64
    • Install Linux via USB flashdrive
    • Install ModSecurity2 on Apache2.0.x
    • Install Nginx on CentOS
    • Install webalizer with ispconfig
    • Install intel A/B/G/N wireless on linux
    • Kernel Upgrade
    • Mobile phone access via bluetooth
    • Optimize MySQL
    • Optimize Qmail
    • Optimize server load
    • Optimize and Tune Apache for performance
    • Optimize and Tune Nginx for performance
    • Perfect Mailserver on Debian
    • Pidgin "Now Playing" Status Message
    • PHP hardening
    • PHP hardening with Suhosin
    • PHP5 Support allong with PHP4
    • Previewing your site before making DNS changes
    • Proxy Auto Configuration
    • PXE boot install rescue
    • Setup awstats on CentOS
    • Setup EC2 Amazon L2TP IPSec VPN
    • Setup email piping with Qmail
    • Setup Exim with DKIM
    • Setup Exim smart relay with cPanel
    • Setup OpenVPN
    • Setup postfix on nonstandard port
    • Setup SS5 Socks Proxy
    • Setup vsftp with no shell access
    • Sendmail smart relay with gmail auth
    • Squid proxy NCSA authentication
    • Tcpdump filters
    • Upgrade PHP to 5.3 in Plesk 10
    • Useful regular expressions
    • X with [SiS] 771/671 VGA controller
  • Joomla Tutorials
    • Hardening Joomla
    • Module Positions
    • Remove Joomla description meta tag
  • Looking Glasses
  • Optimize Firefox
  • Security
    • Crack WiFi WEP passwords
    • Defend against UDP isc.org DNS query DDOS
    • Detect DDoS attack
    • Remove malware from web sites
    • Sniff SSL passwords with ettercap
    • Snort2BGP
    • Track Hackers
    • What Is My IP
  • Troubleshooting
    • Grub error no such disk
    • named dumping master file: tmp-XXXXXXXXXX: open: permission denied
    • Nginx 413 Request Entity Too Large
    • SSH conection closed by remote host
    • Troubleshooting sis190.c
  • Unix Tutorials
    • FreeBSD reset root password
    • Installing snort on OpenBSD
    • Unix Toolbox
  • Virtualization Tutorials
    • Convert VirtualBox image to VMWare
    • VMware SNMP Enable
  • VoIP Tutorials
    • Install Elastix
    • Qos for Asterisk

Who's Online

We have 8 guests and no members online

Most Read

  • Setup SS5 Socks Proxy
  • Install webalizer with ispconfig
  • Sniff SSL passwords with ettercap
  • __404__
  • Optimize and Tune Apache for performance

Products and Services

  • Home
  • Linux Products and Services
  • Buy VPN Account
  • Privacy Policy for Linuxexpert
  • Remove malware

Squid proxy NCSA authentication

  • Print
  • Email
Details
Parent Category: Tutorials
Published: 18 March 2009
Hits: 10589

 

In this tutorial I'll show you how to install Squid With Simple Authentication (NCSA).

For fine control you may need to use Squid proxy server authentication. This will only allow authorized users to use proxy server.

You need to use proxy_auth ACLs to configure ncsa_auth module. Browsers send the user's authentication in the Authorization request header. If Squid gets a request and the http_access rule list gets to a proxy_auth ACL, Squid looks for the Authorization header. If the header is present, Squid decodes it and extracts a username and password.

However squid is not equipped with password authentication. You need to take help of authentication helpers. Following are included by default in most squid and most Linux distros:

=> NCSA: Uses an NCSA-style username and password file.
=> LDAP: Uses the Lightweight Directory Access Protocol
=> MSNT: Uses a Windows NT authentication domain.
=> PAM: Uses the Linux Pluggable Authentication Modules scheme.
=> SMB: Uses a SMB server like Windows NT or Samba.
=> getpwam: Uses the old-fashioned Unix password file.
=> SASL: Uses SALS libraries.
=> NTLM, Negotiate and Digest authentication
Configure an NCSA-style username and password authentication
I am going to assume that squid is installed and working fine.
Tip: Before going further, test basic Squid functionality. Make sure squid is functioning without requiring authorization  
Step # 1: Create a username/password
First create a NCSA password file using htpasswd command. htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of squid users.
# htpasswd /etc/squid/passwd user1
Output:
New password:
Re-type new password:
Adding password for user user1
Make sure squid can read passwd file:
# chmod o+r /etc/squid/passwd
Step # 2: Locate nsca_auth authentication helper
Usually nsca_auth is located at /usr/lib/squid/ncsa_auth. You can find out location using rpm (Redhat,CentOS,Fedora) or dpkg (Debian and Ubuntu) command:
# dpkg -L squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
If you are using RHEL/CentOS/Fedora Core or RPM based distro try:
# rpm -ql squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
Step # 3: Configure nsca_auth for squid proxy authentication
Now open /etc/squid/squid.conf file
# vi /etc/squid/squid.conf
Append (or modify) following configration directive:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

Also find out your ACL section and append/modify
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
Save and close the file.
Where,
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd : Specify squid password file and helper program location
auth_param basic children 5 : The number of authenticator processes to spawn.
auth_param basic realm Squid proxy-caching web server : Part of the text the user will see when prompted their username and password
auth_param basic credentialsttl 2 hours : Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user with password prompt. It is set to 2 hours.
auth_param basic casesensitive off : Specifies if usernames are case sensitive. It can be on or off only
acl ncsa_users proxy_auth REQUIRED : The REQURIED term means that any authenticated user will match the ACL named ncsa_users
http_access allow ncsa_users : Allow proxy access only if user is successfully authenticated.
Restart squid:
# /etc/init.d/squid restart
Now user is prompted for username and password.
Hide your real ip:
Squid proxy server has directive called forwarded_for. If set, Squid will include your system's IP address or name in the HTTP requests it forwards. By default it looks like
this:
X-Forwarded-For: 192.168.0.x
If you disable this, it will appear as
X-Forwarded-For: unknown
Open squid.conf file:
# vi squid.conf
Set forwarded_for to off:
forwarded_for off
Save and close the file. Restart squid server:
# /etc/init.d/squid restart

Note:

We use Hosting and VPS Hosting, from: www.star-host.org

We like and trust them.

Good prices, high security.

fShare
Tweet