User Tools
авторизация_доступа_к_ресурсам_через_squid
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
авторизация_доступа_к_ресурсам_через_squid [2020/11/12 10:47] val |
авторизация_доступа_к_ресурсам_через_squid [2021/10/14 11:18] val [Debian/Ubuntu] |
||
|---|---|---|---|
| Line 8: | Line 8: | ||
| gate# cat /etc/squid/deny_hosts.txt | gate# cat /etc/squid/deny_hosts.txt | ||
| </code><code> | </code><code> | ||
| - | .*ok\.ru.* | + | ok\.ru |
| - | .*vk\.com.* | + | vk\.com |
| </code> | </code> | ||
| Line 15: | Line 15: | ||
| gate# cat /etc/squid/permit_hosts.txt | gate# cat /etc/squid/permit_hosts.txt | ||
| </code><code> | </code><code> | ||
| - | .*microsoft\.com.* | + | microsoft\.com |
| </code> | </code> | ||
| Line 31: | Line 31: | ||
| acl permit_hosts url_regex "/etc/squid/permit_hosts.txt" | acl permit_hosts url_regex "/etc/squid/permit_hosts.txt" | ||
| + | # order is important | ||
| http_access allow big_boss | http_access allow big_boss | ||
| http_access allow our_pppoe_networks !deny_hosts | http_access allow our_pppoe_networks !deny_hosts | ||
| Line 43: | Line 44: | ||
| ===== Авторизация на основе имени пользователя ===== | ===== Авторизация на основе имени пользователя ===== | ||
| - | ==== FreeBSD ==== | ||
| <code> | <code> | ||
| - | [gate:~] # cd /usr/local/etc/squid/ | + | gate# cat /etc/squid/conf.d/my.conf |
| - | </code> | + | |
| - | + | ||
| - | ==== Ubuntu ==== | + | |
| - | <code> | + | |
| - | root@gate:~# cd /etc/squid/ | + | |
| - | </code> | + | |
| - | + | ||
| - | ==== FreeBSD/Ubuntu ==== | + | |
| - | <code> | + | |
| - | gate# cat squid.conf | + | |
| </code><code> | </code><code> | ||
| ... | ... | ||
| - | # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS | ||
| - | ... | ||
| - | # Access for all success authentificated users | ||
| #acl inetuser proxy_auth REQUIRED | #acl inetuser proxy_auth REQUIRED | ||
| - | + | acl inetuser proxy_auth user1@CORP13.UN user2@CORP13.UN | |
| - | # Ассеss for users from list | + | #acl inetuser proxy_auth_regex "/etc/squid/group1.acl" |
| - | #acl inetuser proxy_auth user1@CORPX.UN user2@CORPX.UN ... | + | |
| - | + | ||
| - | # Ассеss for users from file | + | |
| - | #acl inetuser proxy_auth_regex "/etc/squid3/group1.acl" | + | |
| - | #acl inetuser proxy_auth_regex "/usr/local/etc/squid/group1.acl" | + | |
| http_access allow inetuser | http_access allow inetuser | ||
| - | http_access deny all | ||
| - | ... | ||
| </code> | </code> | ||
| Line 79: | Line 59: | ||
| ==== Для file, nis, ldap авторизации ==== | ==== Для file, nis, ldap авторизации ==== | ||
| <code> | <code> | ||
| - | gate# getent group group1 | cut -f4 -d: | tr "," "\n" > group1.acl | + | gate# getent group group1 | cut -f4 -d: | tr "," "\n" | tee /etc/squid/group1.acl |
| gate# squid -k reconfigure | gate# squid -k reconfigure | ||
авторизация_доступа_к_ресурсам_через_squid.txt · Last modified: 2023/03/18 20:20 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
