[GFW BLOG(功夫网与翻墙)] Adding a password to a squid proxy server


GFW BLOG 功夫网与翻墙

Apr 7, 2013, 7:25:26 PM
to journalis...@gmail.com

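I really feel like quite a failure: my proxy server has been abused by someone else for the second time. It is all down to my own carelessness. I had not added the server's firewall to the boot-time startup, and I had not set up password authentication for squid either.

I feel I still need to be careful; operations work is all about being cautious and careful. So at noon today I took some time to set a password for squid, so that in future, even if I forget to close the firewall, the proxy will not be freely abused by others to do bad things.

The squid configuration is as follows: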

   # Recommended minimum configuration:
   #
   #
   # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
   #

   # Example rule allowing access from your local networks.
   # Adapt localnet in the ACL section to list your (internal) IP networks
   # from where browsing should be allowed
   visible_hostname ad1
   acl ip1 myip 192.168.1.50
   tcp_outgoing_address 192.168.1.50 ip1

   # Squid normally listens to port 3128
   http_port 192.168.1.50:54321

   # Uncomment and adjust the following to add a disk cache directory.

   request_header_access Allow allow all
   request_header_access Authorization allow all
   request_header_access WWW-Authenticate allow all
   request_header_access Proxy-Authorization allow all
   request_header_access Proxy-Authenticate allow all
   request_header_access Cache-Control allow all
   request_header_access Content-Encoding allow all
   request_header_access Content-Length allow all
   request_header_access Content-Type allow all
   request_header_access Date allow all
   request_header_access Expires allow all
   request_header_access Host allow all
   request_header_access If-Modified-Since allow all
   request_header_access Last-Modified allow all
   request_header_access Location allow all
   request_header_access Pragma allow all
   request_header_access Accept allow all
   request_header_access Accept-Charset allow all
   request_header_access Accept-Encoding allow all
   request_header_access Accept-Language allow all
   request_header_access Content-Language allow all
   request_header_access Mime-Version allow all
   request_header_access Retry-After allow all
   request_header_access Title allow all
   request_header_access Connection allow all
   request_header_access Proxy-Connection allow all
   request_header_access User-Agent allow all
   request_header_access Cookie allow all
   auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/libexec/passwd
   acl auth_user proxy_auth REQUIRED
   http_access allow auth_user

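Of course, this squid was compiled and installed by hand. The guides online all install it with yum or apt-get install, so the paths differ; our auth_param path is under /usr/local/squid/libexec.

The username authentication file named at the end of that line was generated with the httpd-tools utilities. On CentOS you can use: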

yum -y install httpd-tools

Then generate the password file:

htpasswd -c /usr/local/squid/libexec/passwd user1

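Next, enter the password twice to confirm it.

And with that it is done. From now on, whatever I do, I must be careful and attentive; I believe that with time I will gradually become more seasoned!


Original: https://blog.4u45.com/?p=663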


--
Posted By GFW BLOG 功夫网与翻墙 to GFW BLOG(功夫网与翻墙) at 4/07/2013 04:25:00 PM
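
As an added example (not part of the original post and not squid's own tooling): a small Python check that reads a squid.conf and reports http_access rules that would let a client through without proxy authentication. It is a simplified model that looks only at acl and http_access lines; the name audit_http_access and the two sample configurations are constructed for illustration, with PAGE_CONF reusing the three auth lines from the post.

```python
def audit_http_access(conf_text):
    """Report http_access rules that can admit a client without proxy authentication."""
    auth_acls, rules = set(), []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "acl" and len(fields) >= 3 and fields[2].startswith("proxy_auth"):
            auth_acls.add(fields[1])            # e.g. "acl auth_user proxy_auth REQUIRED"
        elif fields[0] == "http_access" and len(fields) >= 3:
            rules.append((lineno, fields[1], fields[2:]))

    findings = []
    gated = False  # True once a rule made only of a proxy_auth ACL has challenged every client
    for lineno, action, names in rules:         # squid evaluates rules in order, first match wins
        if len(names) == 1 and names[0].lstrip("!") in auth_acls:
            gated = True                        # clients without credentials stop here (407)
        elif action == "deny" and names == ["all"]:
            break                               # nothing after "deny all" is ever reached
        elif action == "allow" and not gated and not any(n in auth_acls for n in names):
            findings.append(f"line {lineno}: allow without a proxy_auth ACL ({' '.join(names)})")
    else:
        # No "deny all" reached: the implicit default is the opposite of the last rule
        if rules and rules[-1][1] == "deny" and not gated:
            findings.append("last rule is deny: unmatched requests are allowed by default")
    return findings


# Constructed sample: the authentication lines from the post's configuration
PAGE_CONF = """\
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/libexec/passwd
acl auth_user proxy_auth REQUIRED
http_access allow auth_user
"""

# Constructed sample: an earlier "allow all" makes the auth rule below it irrelevant
OPEN_CONF = """\
acl auth_user proxy_auth REQUIRED
http_access allow all
http_access allow auth_user
"""

if __name__ == "__main__":
    for name, conf in (("PAGE_CONF", PAGE_CONF), ("OPEN_CONF", OPEN_CONF)):
        print(name, audit_http_access(conf) or "no unauthenticated allow rules")
```
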