subject:"\[squid\-users\] IP auth, simple username\/pass authentication, if ip not authorized\?"

Re: [squid-users] IP auth, simple username/pass authentication, if ip not authorized?

2018-04-14 Thread Amos Jeffries

Yes that should do it. But to let Squid do its job against DoS and such
security attacks ...

On 14/04/18 17:36, xpro6000 wrote:
> This should do it
> 

Move all these custom rules between here ...

> acl Allowed_IPs src "/etc/squid/Allowed_IPs.txt"
> http_access allow Allowed_IPs
> 
> auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwd
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
> 
> acl ncsa_users proxy_auth REQUIRED
> http_access allow ncsa_users
> 

... and here.


> acl SSL_ports port 443
> acl Safe_ports port 80
> acl Safe_ports port 21
> acl Safe_ports port 443
> acl Safe_ports port 70
> acl Safe_ports port 210
> acl Safe_ports port 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost manager
> http_access deny manager

... Down to this position after the recommended aka Best Practice)
security protections/rules.

Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] IP auth, simple username/pass authentication, if ip not authorized?

2018-04-13 Thread xpro6000

This should do it

acl Allowed_IPs src "/etc/squid/Allowed_IPs.txt"
http_access allow Allowed_IPs

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
#http_access allow localhost
http_access deny all
#http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .   0   20% 4320

On Fri, Apr 13, 2018 at 11:30 PM, xpro  wrote:

> Right now I'm using Squid with IP based authentication. Would it be
> possible to also allow the user access if their IP is not allowed, but they
> provide username/pass?
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] IP auth, simple username/pass authentication, if ip not authorized?

2018-04-13 Thread xpro

Right now I'm using Squid with IP based authentication. Would it be 
possible to also allow the user access if their IP is not allowed, but 
they provide username/pass?


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] IP auth, simple username/pass authentication, if ip not authorized?

Re: [squid-users] IP auth, simple username/pass authentication, if ip not authorized?

[squid-users] IP auth, simple username/pass authentication, if ip not authorized?

3 matches

Site Navigation

Mail list logo

Footer information