[英]Basic Authentication in Squid Server(behind NAT) over internet
I have googled for "basic authentication not working over internet in squid server" kind of searches with no appropriate answer for my problem. 我已经搜索了“基本身份验证无法通过互联网在squid服务器上工作”的搜索类型没有适当的答案我的问题。
Here is my problem: I have set up a squid proxy server behind a firewall. 这是我的问题:我在防火墙后面设置了一个squid代理服务器。 I have forwarded a port (54321) to port 9999 where squid proxy is listening.
我已将端口(54321)转发到squid代理正在侦听的端口9999。 Now everything is fine.
现在一切都很好。 I can connect to this proxy from anywhere.
我可以从任何地方连接到这个代理。 But I needed some kind of authentication, thus enabled basic_ncsa_auth.
但我需要某种身份验证,因此启用了basic_ncsa_auth。 Now, I can access internet after authentication from my LAN computers.
现在,我可以在从LAN计算机进行身份验证后访问Internet。 Fine, everything is going as I wanted to but,
很好,一切都按照我的意愿进行,但是,
from internet I have popup for username/password (firefox), and after authentication I get "cache access denied" message from squid proxy. 来自互联网我有用户名/密码(firefox)弹出窗口,经过身份验证后,我从squid代理获得“缓存访问被拒绝”消息。
I would really appreciate if someone points me what I'm doing wrong here. 如果有人指出我在这里做错了什么,我真的很感激。
Here is my squid.conf file: 这是我的squid.conf文件:
http_port 9999
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
Network setup: Firewall static IP: Port: 54321 forwarded to Proxy server: 10.11.12.8:9999. 网络设置:防火墙静态IP:端口:54321转发到代理服务器:10.11.12.8:9999。
Does your Squid configuration permit http_reply_access? 你的Squid配置是否允许http_reply_access?
http_reply_access allow all
If your passwords are longer than 8 characters, you also need to make sure you are not using DES hashing, which is the default for the htpasswd command. 如果密码超过8个字符,则还需要确保未使用DES散列,这是htpasswd命令的默认值。
Here's how to create a new password file using the MD5 hashing algorithm: 以下是使用MD5散列算法创建新密码文件的方法:
[root@localhost ~] htpasswd -cm /tmp/passwd testuser
New password:
Re-type new password:
Adding password for user testuser
Check the contents of the file: 检查文件的内容:
[root@localhost ~] cat /tmp/password
testuser:$apr1$VxCDyltg$krZ6v7VrnULVOiuS0u6KD1
Verify password using basic_ncsa_auth: 使用basic_ncsa_auth验证密码:
[root@localhost ~] /usr/lib64/squid/basic_ncsa_auth /tmp/passwd
testuser superspurs
OK
Now verify at the CLI: 现在在CLI验证:
[root@TLABprx00 ~]# http_proxy=http://localhost:9999/ curl http://www.msftncsi.com/ncsi.txt --proxy-user testuser:superspurs
Microsoft NCSI
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.