Linux proxy with authentication

How to set up a squid Proxy with basic username and password authentication? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.

Here is another example how to setup Squid3 with a htdigest style authentication: dabase.com/blog/Minimal_squid3_proxy_configuration

here is a complete guide for Squid3 installation and configuration with authentication hevi.info/2015/09/…

1 Answer 1

Here’s what I had to do to setup basic auth on Ubuntu 14.04 (didn’t find a guide anywhere else)

Basic squid conf

/etc/squid3/squid.conf instead of the super bloated default config file

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwords auth_param basic realm proxy acl authenticated proxy_auth REQUIRED http_access allow authenticated # Choose the port you want. Below we set it to default 3128. http_port 3128 

Please note the basic_ncsa_auth program instead of the old ncsa_auth

squid 2.x

For squid 2.x you need to edit /etc/squid/squid.conf file and place:

auth_param basic program /usr/lib/squid/digest_pw_auth /etc/squid/passwords auth_param basic realm proxy acl authenticated proxy_auth REQUIRED http_access allow authenticated 

Setting up a user

sudo htpasswd -c /etc/squid3/passwords username_you_like 

and enter a password twice for the chosen username then

sudo service squid3 restart 

squid 2.x

sudo htpasswd -c /etc/squid/passwords username_you_like 

and enter a password twice for the chosen username then

sudo service squid restart 

htdigest vs htpasswd

For the many people that asked me: the 2 tools produce different file formats:

• htdigest stores the password in plain text.
• htpasswd stores the password hashed (various hashing algos are available)

Despite this difference in format basic_ncsa_auth will still be able to parse a password file generated with htdigest . Hence you can alternatively use:

sudo htdigest -c /etc/squid3/passwords realm_you_like username_you_like 

Beware that this approach is empirical, undocumented and may not be supported by future versions of Squid.

On Ubuntu 14.04 htdigest and htpasswd are both available in the [apache2-utils][1] package.

MacOS

Similar as above applies, but file paths are different.

brew services start squid 

Squid config file is stored at /usr/local/etc/squid.conf .

Comment or remove following line:

http_access allow localnet 

Then similar to linux config (but with updated paths) add this:

auth_param basic program /usr/local/Cellar/squid/4.8/libexec/basic_ncsa_auth /usr/local/etc/squid_passwords auth_param basic realm proxy acl authenticated proxy_auth REQUIRED http_access allow authenticated 

Note that path to basic_ncsa_auth may be different since it depends on installed version when using brew , you can verify this with ls /usr/local/Cellar/squid/ . Also note that you should add the above just bellow the following section:

# # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # 

Now generate yourself a user:password basic auth credential (note: htpasswd and htdigest are also both available on MacOS)

htpasswd -c /usr/local/etc/squid_passwords username_you_like 

Restart the squid service

brew services restart squid 

Источник

Setup Squid Proxy Authentication on Ubuntu 18.04/Fedora 29/28/CentOS 7

Welcome to our guide on how to setup Squid Proxy Authentication on Ubuntu 18.04/Fedora 29/28/CentOS 7 with username and password.

Setup Squid Proxy Authentication on Ubuntu 18.04/Fedora 29/28/CentOS 7

In order to setup Squid proxy authentication on Ubuntu 18.04/Fedora 29/28/CentOS 7 with a basic username and password, you need to make a few adjustments on the squid configuration file as follows;

Generate Squid Proxy Authentication Passwords

htpasswd and htdigest are two tools that can be used to generate proxy user authentication passwords. While htpasswd encrypts the passwords and store them in a hashed format, htdigest stores the passwords in plain text hence insecure. In this guide, we are going to use htpasswd utility.

In order to use htpasswd, you need to have httpd/apache2-utils installed. To install it;

sudo apt-get install apache2-utils

sudo yum install httpd-tools

Once it is installed, run the commands below to generate the password for users to authenticate.

htpasswd -c /etc/squid/.squid_users amos

New password: ENTER PASS Re-type new password: ENTER PASS Adding password for user amos

This creates a password for user amos and store it under /etc/squid/.squid_users .

To add more users, you need to remove option -c from the htpasswd command for example;

htpasswd /etc/squid/.squid_users john

New password: Re-type new password: Adding password for user john

When you check the password file, there are now two users with their encrypted passwords;

less /etc/squid/.squid_users

amos:$apr1$IyfTZICg$2fPImX5o14XC2KPF1kZWv/ john:$apr1$5o0XKeto$m6c5B5KK5ZAK/7A/VIgYB/

The squid user should be able to read this file. Therefore run the command below to set proper permissions;

chown squid /etc/squid/.squid_users

Verify that the usernames and passwords provide works fine with Squid proxy.

For every correct entry, you should see OK displayed as shown below;

/usr/lib64/squid/basic_ncsa_auth /etc/squid/.squid_users 

amos password OK john password OK

Configure Squid Proxy Authentication

Since all seems fine, proceed to setup squid proxy basic authentication.

Open the squid configuration file for editing and add the following lines.

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.squid_users auth_param basic children 5 auth_param basic realm Proxy Authentication Required auth_param basic credentialsttl 2 hours auth_param basic casesensitive off acl auth_users proxy_auth amos john http_access allow auth_users

As a brief overview of the lines set above;

• The first line tells the Squid to use the basic_ncsa_auth helper program and find the usernames and password in /etc/squid/.squid_users file.
• The line auth_param basic children 5 specifies the maximum number of squid authenticator processes to spawn.
• auth_param basic realm specifies the protection scope which is to be reported to the client for the authentication scheme.
• auth_param basic credentialsttl 2 hours specifies how long squid assumes an externally validated username:password pair is valid for
• auth_param basic casesensitive off specifies if usernames are case sensitive.
• acl auth_users proxy_auth amos john defines Squid authentication ACL for users that are allowed to authenticate.

Once you are done with configurations, save the file and restart squid.

Configure your client to use authenticate vai squid proxy server as described in our previous article.

From the client side, if you try to access the internet via browser, you will be prompted to authenticate. See screenshot below;

When you authenticate properly, you will be able to access the internet on browser.

If you try to download a file using wget, you will be prompted to authenticate;

--2018-12-19 00:38:21-- http://google.com/ Connecting to 192.168.43.69:3128. connected. Proxy request sent, awaiting response. 407 Proxy Authentication Required 2018-12-19 00:38:21 ERROR 407: Proxy Authentication Required.

wget --proxy-user=amos --proxy-password=password google.com

--2018-12-19 00:39:36-- http://google.com/ Connecting to 192.168.43.69:3128. connected. Proxy request sent, awaiting response. 301 Moved Permanently Location: http://www.google.com/ [following] --2018-12-19 00:39:37-- http://www.google.com/ Reusing existing connection to 192.168.43.69:3128. Proxy request sent, awaiting response. 200 OK Length: unspecified [text/html] Saving to: ‘index.html.8’ index.html.8 [ ] 11.72K --.-KB/s in 0.1s 2018-12-19 00:39:38 (97.6 KB/s) - ‘index.html.8’ saved [12001]

Well, there you go. You have successfully setup Squid proxy authentication on Ubuntu 18.04/Fedora29/28/CentOS 7 with username and password. In our next tutorial, we are going to learn how to integrate Squid proxy with LDAP servers for centralized authentication. Thank you for passing by. We hope this was informative.

Hey, want to learn how to set system wide proxy settings on Ubuntu 18.04? You can catch that by following the link below;

Источник

How do I configure proxy and proxy authentication in Linux?

Online there are many post which tell different ways to add proxy in Linux . but i want to know best way add proxy and proxy authentication in Linux specially Linux mint . because i already try / etc/apt/apt.conf to add or /etc/apt/apt.conf.d/environment but my terminal doesn’t connect so does Firefox . there are network setting option where we can proxy that also doesn’t work.

1 Answer 1

1 : Open a terminal window and type the following command

sudo gedit /etc/environment 

2 : Copy the following lines in your /etc/environment file and modify accordingly.

 http_proxy=http://user:password@proxy:port/ https_proxy=http://user:password@proxy:port/ ftp_proxy=http://user:password@proxy:port/ no_proxy="localhost,127.0.0.1" HTTP_PROXY=http://user:password@proxy:port/ HTTPS_PROXY=http://user:password@proxy:port/ FTP_PROXY=http://user:password@proxy:port/ NO_PROXY="localhost,127.0.0.1" 

3 : save your changes and log-out and log-in.

4 : If your apt-get command is still not able to access internet,execute

sudo gedit /etc/apt/apt.conf.d/95proxies 

and copy the following lines and modify accordingly

Acquire::http::proxy "http://user:password@proxy:port/"; Acquire::ftp::proxy "ftp://user:password@proxy:port/"; Acquire::https::proxy "https://user:password@proxy:port/"; 

5 : once again save your changes and log-out and log-in.

P.S : You may have to delete /etc/apt/apt.conf.d/environment . It is not a place to store the environment variables. Moreover there is no such file on my system.

Источник