This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
авторизация_доступа_к_ресурсам_через_squid [2020/11/12 10:47] val |
авторизация_доступа_к_ресурсам_через_squid [2021/10/14 11:18] val [Debian/Ubuntu] |
||
---|---|---|---|
Line 8: | Line 8: | ||
gate# cat /etc/squid/deny_hosts.txt | gate# cat /etc/squid/deny_hosts.txt | ||
</code><code> | </code><code> | ||
- | .*ok\.ru.* | + | ok\.ru |
- | .*vk\.com.* | + | vk\.com |
</code> | </code> | ||
Line 15: | Line 15: | ||
gate# cat /etc/squid/permit_hosts.txt | gate# cat /etc/squid/permit_hosts.txt | ||
</code><code> | </code><code> | ||
- | .*microsoft\.com.* | + | microsoft\.com |
</code> | </code> | ||
Line 31: | Line 31: | ||
acl permit_hosts url_regex "/etc/squid/permit_hosts.txt" | acl permit_hosts url_regex "/etc/squid/permit_hosts.txt" | ||
+ | # order is important | ||
http_access allow big_boss | http_access allow big_boss | ||
http_access allow our_pppoe_networks !deny_hosts | http_access allow our_pppoe_networks !deny_hosts | ||
Line 43: | Line 44: | ||
===== Авторизация на основе имени пользователя ===== | ===== Авторизация на основе имени пользователя ===== | ||
- | ==== FreeBSD ==== | ||
<code> | <code> | ||
- | [gate:~] # cd /usr/local/etc/squid/ | + | gate# cat /etc/squid/conf.d/my.conf |
- | </code> | + | |
- | + | ||
- | ==== Ubuntu ==== | + | |
- | <code> | + | |
- | root@gate:~# cd /etc/squid/ | + | |
- | </code> | + | |
- | + | ||
- | ==== FreeBSD/Ubuntu ==== | + | |
- | <code> | + | |
- | gate# cat squid.conf | + | |
</code><code> | </code><code> | ||
... | ... | ||
- | # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS | ||
- | ... | ||
- | # Access for all success authentificated users | ||
#acl inetuser proxy_auth REQUIRED | #acl inetuser proxy_auth REQUIRED | ||
- | + | acl inetuser proxy_auth user1@CORP13.UN user2@CORP13.UN | |
- | # Ассеss for users from list | + | #acl inetuser proxy_auth_regex "/etc/squid/group1.acl" |
- | #acl inetuser proxy_auth user1@CORPX.UN user2@CORPX.UN ... | + | |
- | + | ||
- | # Ассеss for users from file | + | |
- | #acl inetuser proxy_auth_regex "/etc/squid3/group1.acl" | + | |
- | #acl inetuser proxy_auth_regex "/usr/local/etc/squid/group1.acl" | + | |
http_access allow inetuser | http_access allow inetuser | ||
- | http_access deny all | ||
- | ... | ||
</code> | </code> | ||
Line 79: | Line 59: | ||
==== Для file, nis, ldap авторизации ==== | ==== Для file, nis, ldap авторизации ==== | ||
<code> | <code> | ||
- | gate# getent group group1 | cut -f4 -d: | tr "," "\n" > group1.acl | + | gate# getent group group1 | cut -f4 -d: | tr "," "\n" | tee /etc/squid/group1.acl |
gate# squid -k reconfigure | gate# squid -k reconfigure |