авторизация_доступа_к_ресурсам_через_squid [2010/09/29 11:52] val |
авторизация_доступа_к_ресурсам_через_squid [2021/04/01 14:40] val [Debian/Ubuntu] |
||
---|---|---|---|
Line 3: | Line 3: | ||
===== Авторизация на основе ip адреса рабочей станции ===== | ===== Авторизация на основе ip адреса рабочей станции ===== | ||
- | ==== FreeBSD ==== | + | |
+ | ==== Debian/Ubuntu ==== | ||
<code> | <code> | ||
- | [gate:~] # cd /usr/local/etc/squid/ | + | gate# cat /etc/squid/deny_hosts.txt |
+ | </code><code> | ||
+ | ok\.ru | ||
+ | vk\.com | ||
</code> | </code> | ||
- | ==== Ubuntu ==== | ||
<code> | <code> | ||
- | root@gate:~# cd /etc/squid/ | + | gate# cat /etc/squid/permit_hosts.txt |
+ | </code><code> | ||
+ | microsoft\.com | ||
</code> | </code> | ||
- | ==== FreeBSD/Ubuntu ==== | ||
<code> | <code> | ||
- | gate# cat deny_hosts.txt | + | gate# cat /etc/squid/squid.conf |
- | .*odnok.* | + | </code><code> |
- | .*com\/.* | + | |
- | + | ||
- | gate# cat squid.conf | + | |
... | ... | ||
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS | # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS | ||
- | ... | + | # |
- | acl our_networks src 192.168.100+X.0/24 | + | acl our_networks src 192.168.X.0/24 |
- | acl full_access src 192.168.100+X.100 127.0.0.1 | + | acl our_pppoe_networks src 192.168.100+X.0/24 |
+ | acl big_boss src 192.168.113.100 192.168.100+X.101 | ||
- | #For FreeBSD | ||
- | acl deny_hosts url_regex "/usr/local/etc/squid/deny_hosts.txt" | ||
- | #For Ubuntu | ||
acl deny_hosts url_regex "/etc/squid/deny_hosts.txt" | acl deny_hosts url_regex "/etc/squid/deny_hosts.txt" | ||
+ | acl permit_hosts url_regex "/etc/squid/permit_hosts.txt" | ||
- | http_access allow full_access | + | http_access allow big_boss |
- | http_access allow our_networks !deny_hosts | + | http_access allow our_pppoe_networks !deny_hosts |
+ | http_access allow our_networks permit_hosts | ||
... | ... | ||
+ | </code><code> | ||
+ | gate# squid -k check | ||
- | gate# squid -k check | ||
gate# squid -k reconfigure | gate# squid -k reconfigure | ||
</code> | </code> | ||
===== Авторизация на основе имени пользователя ===== | ===== Авторизация на основе имени пользователя ===== | ||
+ | |||
<code> | <code> | ||
- | gate# cat squid.conf | + | gate# cat /etc/squid/conf.d/my.conf |
- | ... | + | </code><code> |
- | # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS | + | |
... | ... | ||
- | # Access for all success authentificated users | ||
#acl inetuser proxy_auth REQUIRED | #acl inetuser proxy_auth REQUIRED | ||
- | + | acl inetuser proxy_auth user1@CORP13.UN user2@CORP13.UN | |
- | # Ассеss for users from list | + | #acl inetuser proxy_auth_regex "/etc/squid/group1.acl" |
- | #acl inetuser proxy_auth user1@CORPX.UN user2@CORPX.UN ... | + | |
- | + | ||
- | # Ассеss for users from file | + | |
- | acl inetuser proxy_auth_regex "/etc/squid/group1.txt" | + | |
http_access allow inetuser | http_access allow inetuser | ||
- | http_access deny all | ||
</code> | </code> | ||
Line 62: | Line 58: | ||
==== Для file, nis, ldap авторизации ==== | ==== Для file, nis, ldap авторизации ==== | ||
<code> | <code> | ||
- | gate# members group1 | tr " " "\n" > /etc/squid/group1.txt | + | gate# getent group group1 | cut -f4 -d: | tr "," "\n" | tee /etc/squid/group1.acl |
- | + | ||
- | gate# pw groupshow group1 | cut -f4 -d: | tr "," "\n" > /usr/local/etc/squid/squid.conf | + | |
gate# squid -k reconfigure | gate# squid -k reconfigure | ||
Line 71: | Line 65: | ||
==== Для winbind авторизации ==== | ==== Для winbind авторизации ==== | ||
<code> | <code> | ||
- | gate# ntlm_auth --username=user1 --require-membership-of=CORPX\\group2 | + | gate# ntlm_auth --username=user1 --require-membership-of=CORPX\\group1 |
</code> | </code> |
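Review bot: In the first hunk's squid.conf listing, the new `permit_hosts` allow-list is matched with `url_regex`, which is an unanchored match over the whole URL, so the entry `microsoft\.com` also matches a URL on any other host that merely carries that string in its path or query. The rule `http_access allow our_networks permit_hosts` therefore permits more than the listed site. Matching on the destination host closes this: `acl permit_hosts dstdomain "/etc/squid/permit_hosts.txt"` with the entry written as `.microsoft.com`. The same type would suit `deny_hosts` (`ok\.ru`, `vk\.com`), where the unanchored match over-blocks rather than over-permits. Separately, the `conf.d/my.conf` listing no longer ends with `http_access deny all`, so the example presumably relies on a final deny rule in the main squid.conf, which is not shown here and should be confirmed.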