[squid-users] Help Request: How to deal with Basic Authentication
Amos Jeffries
squid3 at treenet.co.nz
Thu Sep 17 13:32:30 UTC 2020
FYI;
if this file is only accessed by the Squid auth helper (usually the
case) it should be in /etc/squid or a sub-dir under there and have the
proxy group read access (no write). Ownership should be root or an admin
account with permission to add/remove entries, Squid does not need those
permissions.
If it is shared with other systems, then there should be an appropriate
group that Squid can be added to gain read-only access for validating
the credentials in it.
Amos
On 17/09/20 11:34 pm, Wind Lee wrote:
> Thanks Amos, problems has been fixed, it's because of my passwd file
> couldn't be read by user squid, I wrongly placed it at root user's home
> directory and forgot to change its owner attributes.
>
> On 2020/9/17 6:34 PM, Amos Jeffries wrote:
>> I see Squid being told to accept valid credentials. What about missing
>> ones? invalid ones? garbage credentials?
>>
>> Best practice for auth is to deny all non-valid credentials before
>> accepting.
>>
>> http_access deny !auth
>> http_access allow localnet
>>
>>
>> Amos
>>
More information about the squid-users
mailing list