Срочно нужно настроить авторизацию пользователей в SQUID
Добавлено: 23 авг 2006, 15:54
Не работает авторозация в squid.
Пытался авторизоваться с помощью ncsa_auth
Вот мой конфиг
http_port 3128
icp_port 0
#htcp_port 0
visible_hostname gate.mtz.by
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 256 Mb
cache_swap_low 90
cache_swap_high 95
maximum_object_size 8192 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
cache_dir ufs /etc/squid/var/cache 1000 16 256
cache_access_log /etc/squid/var/logs/access.log
cache_store_log none
cache_swap_log /etc/squid/var/logs/swap.log # none
emulate_httpd_log on
log_ip_on_direct on
mime_table /etc/squid/mime.conf
#useragent_log none
#referer_log none
pid_filename /etc/squid/var/logs/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255
ftp_user Squid@squid-cache.org
ftp_list_width 32
ftp_passive on
#pinger_program none
dns_retransmit_interval 3 seconds
dns_nameservers 212.98.160.50 212.98.160.65
dns_testnames ya.ru
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password.squid
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl auth_lan proxy_auth REQUIRED
acl clients-ip src "/etc/squid/ip-acls/users.txt"
acl int_lan src 172.22.215.0 255.255.255.0
authenticate_cache_garbage_interval 1 hour
request_header_max_size 10 KB
request_body_max_size 0 KB
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
connect_timeout 2 minutes
request_timeout 3 minutes
client_lifetime 500 minutes
half_closed_clients off
pconn_timeout 300 seconds
ident_timeout 30 seconds
#acl snmp_acl snmp_community public
snmp_access allow snmp_acl
forwarded_for off
log_icp_queries off
#acl FTP proto FTP
#always_direct allow FTP
offline_mode off
redirector_bypass on
ie_refresh on
# acl aim_http reply_mime_type -i ^aim/http$
#acl test src "/etc/squid/ip-acls/test.txt"
acl admins src "/etc/squid/ip-acls/admins.txt"
acl speedUP src "/etc/squid/ip-acls/speedUP.txt"
acl update src 172.22.0.11
acl banners url_regex "/etc/squid/url-acls/banners.txt"
acl [пи] url_regex "/etc/squid/url-acls/StopList.txt"
acl nobanners url_regex "/etc/squid/url-acls/permitted.txt"
acl multimedia urlpath_regex -i \.mp3$ \.mpeg$ \.avi$ \.mov$ \.mpg$ \.iso$ \.mid$ \.av0$ \.bin$
acl manager proto cache_object
acl BANRZ url_regex banner reklama linkexch banpics us\.yimg\.com[\./]ad[s]?[\./]
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl ICQ_URLS url_regex "/etc/squid/url-acls/icq.txt"
acl ICQ_USERS src "/etc/squid/ip-acls/icq.txt"
acl BlackListURL url_regex "/etc/squid/url-acls/BlackList.txt"
acl unworking_hours1 time SMTWHFA 18:00-23:59
acl unworking_hours2 time SMTWHFA 00:00-06:00
#snmp_port port 3401
snmp_access allow snmp_acl localhost
snmp_access deny all
acl SSL_ports port 443 9010 #563
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl Safe_ports port 8080 # http
acl Safe_ports port 8000 # http
acl Safe_ports port 8101 # http
acl Safe_ports port 8108 # http
acl Safe_ports port 8081 # http
acl Safe_ports port 8082 # http
acl Safe_ports port 8083 # http
acl Safe_ports port 8443 # BN hosting CPanel
# acl Safe_ports port 9010 # http
acl Safe_ports port 20 # ftp
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 9010 #563 # https, snews
acl CONNECT method CONNECT
http_access allow admins auth_lan
http_access allow update
http_access allow speedUP auth_lan
#http_access allow test auth_lan
http_access deny !clients-ip
http_access allow multimedia
http_access allow ICQ_URLS ICQ_USERS
http_access allow nobanners auth_lan
http_access deny [пи]
http_access deny BANRZ
http_access deny banners
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny BlackListURL
#http_reply_access deny aim_http
http_reply_access allow all
http_access allow auth_lan int_lan
http_access deny all
####################
# -= Delay Pools =-
####################
delay_pools 4
delay_class 2 2
delay_access 2 allow admins
delay_access 2 deny all
delay_parameters 2 40000/40000 -1/-1
delay_class 1 2
delay_parameters 1 100/100 -1/-1
delay_access 1 allow BlackListURL
delay_access 1 deny all
delay_class 3 2
delay_access 3 allow speedUP
delay_access 3 deny all
delay_parameters 3 30000/30000 -1/-1
delay_class 4 2
delay_access 4 allow clients-ip
delay_access 4 deny all
delay_parameters 4 -1/-1 15000/15000
####################
logfile_rotate 30
Когда запускаю squid то он ругается на следующие строки
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password.squid
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
Файл password.squid создан с помощью htpasswd
В чем сдесь проблема? Если можете подскажите....А то уж совсем замучался
Может посоветуете другой способ авторизации ....
Заранее спасибо
Пытался авторизоваться с помощью ncsa_auth
Вот мой конфиг
http_port 3128
icp_port 0
#htcp_port 0
visible_hostname gate.mtz.by
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 256 Mb
cache_swap_low 90
cache_swap_high 95
maximum_object_size 8192 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
cache_dir ufs /etc/squid/var/cache 1000 16 256
cache_access_log /etc/squid/var/logs/access.log
cache_store_log none
cache_swap_log /etc/squid/var/logs/swap.log # none
emulate_httpd_log on
log_ip_on_direct on
mime_table /etc/squid/mime.conf
#useragent_log none
#referer_log none
pid_filename /etc/squid/var/logs/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255
ftp_user Squid@squid-cache.org
ftp_list_width 32
ftp_passive on
#pinger_program none
dns_retransmit_interval 3 seconds
dns_nameservers 212.98.160.50 212.98.160.65
dns_testnames ya.ru
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password.squid
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl auth_lan proxy_auth REQUIRED
acl clients-ip src "/etc/squid/ip-acls/users.txt"
acl int_lan src 172.22.215.0 255.255.255.0
authenticate_cache_garbage_interval 1 hour
request_header_max_size 10 KB
request_body_max_size 0 KB
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
connect_timeout 2 minutes
request_timeout 3 minutes
client_lifetime 500 minutes
half_closed_clients off
pconn_timeout 300 seconds
ident_timeout 30 seconds
#acl snmp_acl snmp_community public
snmp_access allow snmp_acl
forwarded_for off
log_icp_queries off
#acl FTP proto FTP
#always_direct allow FTP
offline_mode off
redirector_bypass on
ie_refresh on
# acl aim_http reply_mime_type -i ^aim/http$
#acl test src "/etc/squid/ip-acls/test.txt"
acl admins src "/etc/squid/ip-acls/admins.txt"
acl speedUP src "/etc/squid/ip-acls/speedUP.txt"
acl update src 172.22.0.11
acl banners url_regex "/etc/squid/url-acls/banners.txt"
acl [пи] url_regex "/etc/squid/url-acls/StopList.txt"
acl nobanners url_regex "/etc/squid/url-acls/permitted.txt"
acl multimedia urlpath_regex -i \.mp3$ \.mpeg$ \.avi$ \.mov$ \.mpg$ \.iso$ \.mid$ \.av0$ \.bin$
acl manager proto cache_object
acl BANRZ url_regex banner reklama linkexch banpics us\.yimg\.com[\./]ad[s]?[\./]
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl ICQ_URLS url_regex "/etc/squid/url-acls/icq.txt"
acl ICQ_USERS src "/etc/squid/ip-acls/icq.txt"
acl BlackListURL url_regex "/etc/squid/url-acls/BlackList.txt"
acl unworking_hours1 time SMTWHFA 18:00-23:59
acl unworking_hours2 time SMTWHFA 00:00-06:00
#snmp_port port 3401
snmp_access allow snmp_acl localhost
snmp_access deny all
acl SSL_ports port 443 9010 #563
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl Safe_ports port 8080 # http
acl Safe_ports port 8000 # http
acl Safe_ports port 8101 # http
acl Safe_ports port 8108 # http
acl Safe_ports port 8081 # http
acl Safe_ports port 8082 # http
acl Safe_ports port 8083 # http
acl Safe_ports port 8443 # BN hosting CPanel
# acl Safe_ports port 9010 # http
acl Safe_ports port 20 # ftp
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 9010 #563 # https, snews
acl CONNECT method CONNECT
http_access allow admins auth_lan
http_access allow update
http_access allow speedUP auth_lan
#http_access allow test auth_lan
http_access deny !clients-ip
http_access allow multimedia
http_access allow ICQ_URLS ICQ_USERS
http_access allow nobanners auth_lan
http_access deny [пи]
http_access deny BANRZ
http_access deny banners
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny BlackListURL
#http_reply_access deny aim_http
http_reply_access allow all
http_access allow auth_lan int_lan
http_access deny all
####################
# -= Delay Pools =-
####################
delay_pools 4
delay_class 2 2
delay_access 2 allow admins
delay_access 2 deny all
delay_parameters 2 40000/40000 -1/-1
delay_class 1 2
delay_parameters 1 100/100 -1/-1
delay_access 1 allow BlackListURL
delay_access 1 deny all
delay_class 3 2
delay_access 3 allow speedUP
delay_access 3 deny all
delay_parameters 3 30000/30000 -1/-1
delay_class 4 2
delay_access 4 allow clients-ip
delay_access 4 deny all
delay_parameters 4 -1/-1 15000/15000
####################
logfile_rotate 30
Когда запускаю squid то он ругается на следующие строки
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password.squid
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
Файл password.squid создан с помощью htpasswd
В чем сдесь проблема? Если можете подскажите....А то уж совсем замучался
Может посоветуете другой способ авторизации ....
Заранее спасибо