Sunday, April 7, 2013

给squid代理服务器加上密码

真的感觉自己挺失败的,代理服务器第二次被人家盗用, 都怪自己不小心, 没把服务器的防火墙加到开机启动, 同时squid的也没有去加密码认证


感觉还是要细心, 运维就是要小心细心, 于是今中午抽出点时间给squid设定下密码这样以后即使防火墙忘记关闭,也不至于被人家白白盗用去干坏事


squid的配置如下: 











  # Recommended minimum configuration:  #  #  # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS  #   # Example rule allowing access from your local networks.  # Adapt localnet in the ACL section to list your (internal) IP networks  # from where browsing should be allowed  visible_hostname ad1  acl ip1  myip 192.168.1.50  tcp_outgoing_address 192.168.1.50 ip1   # Squid normally listens to port 3128  http_port 192.168.1.50:54321   # Uncomment and adjust the following to add a disk cache directory.       request_header_access Allow allow all  request_header_access Authorization allow all  request_header_access WWW-Authenticate allow all  request_header_access Proxy-Authorization allow all  request_header_access Proxy-Authenticate allow all  request_header_access Cache-Control allow all  request_header_access Content-Encoding allow all  request_header_access Content-Length allow all  request_header_access Content-Type allow all  request_header_access Date allow all  request_header_access Expires allow all  request_header_access Host allow all  request_header_access If-Modified-Since allow all  request_header_access Last-Modified allow all  request_header_access Location allow all  request_header_access Pragma allow all  request_header_access Accept allow all  request_header_access Accept-Charset allow all  request_header_access Accept-Encoding allow all  request_header_access Accept-Language allow all  request_header_access Content-Language allow all  request_header_access Mime-Version allow all  request_header_access Retry-After allow all  request_header_access Title allow all  request_header_access Connection allow all  request_header_access Proxy-Connection allow all  request_header_access User-Agent allow all  request_header_access Cookie allow all  auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/libexec/passwd  acl auth_user proxy_auth REQUIRED  http_access allow auth_user


当然这个squid是自己编译安装的,网上的都是使用yum 要么是apt-get install 安装的 所以路径不同,我们的 auth_param 路径实在/usr/local/squid/libexec 中


后面的用户名认证文件我们使用httpd-tools 工具生成的 在centos上可以使用











yum -y install httpd-tools


然后:

接着生成密码文件:











htpasswd -c /usr/local/squid/libexec/passwd user1


接下来输入二次密码,确认。


最后就ok了 , 以后做任何事情一定要小心,要细心; 相信自己随着时间 会慢慢老练起来!


原文:https://blog.4u45.com/?p=663








via 细节的力量 https://xijie.wordpress.com/2013/04/08/%e7%bb%99squid%e4%bb%a3%e7%90%86%e6%9c%8d%e5%8a%a1%e5%99%a8%e5%8a%a0%e4%b8%8a%e5%af%86%e7%a0%81/
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)