Re: [squid-users] IP auth, simple username/pass authentication, if ip not authorized?
Yes that should do it. But to let Squid do its job against DoS and such security attacks ...

On 14/04/18 17:36, xpro6000 wrote:
> This should do it
>

Move all these custom rules between here ...

> acl Allowed_IPs src "/etc/squid/Allowed_IPs.txt"
> http_access allow Allowed_IPs
>
> auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwd
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
>
> acl ncsa_users proxy_auth REQUIRED
> http_access allow ncsa_users
>

... and here.

> acl SSL_ports port 443
> acl Safe_ports port 80
> acl Safe_ports port 21
> acl Safe_ports port 443
> acl Safe_ports port 70
> acl Safe_ports port 210
> acl Safe_ports port 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost manager
> http_access deny manager

... Down to this position after the recommended (aka Best Practice) security protections/rules.

Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
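Added example, not part of the thread or of Squid's tooling: Squid evaluates http_access lines top to bottom and stops at the first match, so an allow rule placed above the default denies bypasses them. This sketch reports such rules in a squid.conf; the function names and the two sample configs (built from the lines posted in this thread) are hypothetical.

```python
# Added example: lint http_access ordering (helper names are hypothetical).
BASELINE_DENIES = [("!Safe_ports",), ("CONNECT", "!SSL_ports"), ("manager",)]
# Allow rule that belongs to the default protection block itself.
PART_OF_BASELINE = {("localhost", "manager")}

def http_access_rules(conf_text):
    """Return [(line_no, action, acls)] for every active http_access line."""
    rules = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split()  # "#http_access ..." never equals "http_access"
        if len(parts) >= 3 and parts[0] == "http_access" and parts[1] in ("allow", "deny"):
            rules.append((no, parts[1], tuple(parts[2:])))
    return rules

def lint_order(conf_text):
    """Return (missing baseline denies, allow rules placed before them)."""
    rules = http_access_rules(conf_text)
    first_deny = {}
    for no, action, acls in rules:
        if action == "deny":
            first_deny.setdefault(acls, no)
    missing = [d for d in BASELINE_DENIES if d not in first_deny]
    # Line at which every baseline deny present in the file has been evaluated.
    last = max((first_deny[d] for d in BASELINE_DENIES if d in first_deny), default=0)
    early = [(no, acls) for no, action, acls in rules
             if action == "allow" and no < last and acls not in PART_OF_BASELINE]
    return missing, early

# Constructed samples: http_access lines as posted, then in the order Amos describes.
POSTED = """\
http_access allow Allowed_IPs
http_access allow ncsa_users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
#http_access allow localhost
http_access deny all
"""
REORDERED = """\
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow Allowed_IPs
http_access allow ncsa_users
http_access deny all
"""

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("reordered", REORDERED)):
        missing, early = lint_order(conf)
        print(name, "missing:", missing, "early allows:", early)
```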
Re: [squid-users] IP auth, simple username/pass authentication, if ip not authorized?
This should do it

acl Allowed_IPs src "/etc/squid/Allowed_IPs.txt"
http_access allow Allowed_IPs

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
#http_access allow localhost
http_access deny all
#http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

On Fri, Apr 13, 2018 at 11:30 PM, xpro wrote:
> Right now I'm using Squid with IP based authentication. Would it be
> possible to also allow the user access if their IP is not allowed, but they
> provide username/pass?
[squid-users] IP auth, simple username/pass authentication, if ip not authorized?
Right now I'm using Squid with IP based authentication. Would it be possible to also allow the user access if their IP is not allowed, but they provide username/pass?