[squid-users] IP auth, simple username/pass authentication, if ip not authorized?
Amos Jeffries
squid3 at treenet.co.nz
Sat Apr 14 06:06:02 UTC 2018
Yes that should do it. But to let Squid do its job against DoS and such
security attacks ...
On 14/04/18 17:36, xpro6000 wrote:
> This should do it
>
Move all these custom rules between here ...
> acl Allowed_IPs src "/etc/squid/Allowed_IPs.txt"
> http_access allow Allowed_IPs
>
> auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwd
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
>
> acl ncsa_users proxy_auth REQUIRED
> http_access allow ncsa_users
>
... and here.
> acl SSL_ports port 443
> acl Safe_ports port 80
> acl Safe_ports port 21
> acl Safe_ports port 443
> acl Safe_ports port 70
> acl Safe_ports port 210
> acl Safe_ports port 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost manager
> http_access deny manager
... Down to this position after the recommended (aka Best Practice)
security protections/rules.
Amos
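
An added illustration of the reordering advice above (not part of the original message and not Squid project code): Squid checks `http_access` lines in order and the first matching line decides, so in the quoted order an allowed IP or authenticated user is let through before the Safe_ports, CONNECT and manager denies are consulted. The check below flags that ordering; the sample configs are constructed from the quoted one with the ACL lists abbreviated, and the function names are hypothetical.

```python
# Constructed sample: the http_access order from the quoted config (ACL lists abbreviated).
BEFORE = """\
acl Allowed_IPs src "/etc/squid/Allowed_IPs.txt"
http_access allow Allowed_IPs
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
acl SSL_ports port 443
acl Safe_ports port 80
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
"""
# The same lines with the four custom lines moved below the protections.
_lines = BEFORE.splitlines()
AFTER = "\n".join(_lines[4:] + _lines[:4]) + "\n"

# Protection rules as they appear in the quoted config (action, ACL names).
PROTECTIONS = {
    ("deny", ("!Safe_ports",)),
    ("deny", ("CONNECT", "!SSL_ports")),
    ("deny", ("manager",)),
}
# Allow that belongs to the protection block itself, so it is not flagged.
EXEMPT = ("localhost", "manager")


def http_access_rules(conf):
    """Return (line_no, action, acl_names) for every http_access line, in file order."""
    rules = []
    for n, line in enumerate(conf.splitlines(), 1):
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "http_access":
            rules.append((n, parts[1], tuple(parts[2:])))
    return rules


def early_allows(conf):
    """List allow rules placed above the last protection rule (hypothetical check)."""
    rules = http_access_rules(conf)
    found = {(a, acls): n for n, a, acls in rules if (a, acls) in PROTECTIONS}
    if len(found) < len(PROTECTIONS):
        raise ValueError("a protection rule is missing from the config")
    last = max(found.values())
    return [(n, " ".join(acls)) for n, a, acls in rules
            if a == "allow" and n < last and acls != EXEMPT]


if __name__ == "__main__":
    print("before:", early_allows(BEFORE))
    print("after: ", early_allows(AFTER))
```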