Suppose you want to implement Authentication in Squid Proxy Server so that people should be prompted for valid User Name and Password, before they start browsing. This can be done using following simple steps..
1. You need some program which can provide Auth Mechanism for users. Squid Server comes with NSCA Auth Program by default. You can check as below..
.
We are interested in /usr/lib64/squid/basic_ncsa_auth . This library can be used to authenticate users.
.
2. Using the htpasswd program, you can create users and password as below. Our password file is located in /etc/squid/squid.pass
.
In our case we are going to create two users as below.
.
User Password
user1 123
user2 456
3. Commands are
.
# htpasswd -bc /etc/squid/squid.pass user1 123
# htpasswd -b /etc/squid/squid.pass user2 456
.
This will create /etc/squid/squid.pass file. Make sure that it is readable by other users along with root user.
.
# chmod 644 /etc/squid/squid.pass
.
4. Now you have to edit /etc/squid/squid.conf file and add following lines.
Below are above lines explained.
.
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid.pass
This lines tells squid where Auth Program and Auth File are located.
auth_param basic children 5
There can be 5 concurrent request from client.
auth_param basic realm Magnum Squid proxy-caching web server
This is Heading for Login Dialog Box.
auth_param basic credentialsttl 2 hours
The login credentials will last for 2 hours.
auth_param basic casesensitive off
The case sensitiveness is off. User can enter password in any case.
acl ncsa_users proxy_auth REQUIRED
This tells that all users have to provide auth details.
http_access allow ncsa_users
This tells the Squid Server that http access is allowed to only given acl.
5. Make sure to place these lines at top in configuration file.
.
6. Restart the squid server as below.
.
# systemctl restart squid.service
.
7. Try to browse any web page via browser. You should be prompted as Authentication Required Screen ! as above.