


Авторизация доступа к ресурсам через SQUID

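Авторизация на основе IP-адреса рабочей станции

Примечание: ACL типа src опирается только на IP-адрес клиента и не удостоверяет пользователя. Адреса из full_access следует закрепить за конкретными станциями (например, статической привязкой в DHCP) либо использовать авторизацию по имени пользователя, описанную ниже.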

FreeBSD

[gate:~] # cd /usr/local/etc/squid/

Ubuntu

root@gate:~# cd /etc/squid/

FreeBSD/Ubuntu

gate# cat deny_hosts.txt
.*odnok.*
.*com\/.*
gate# cat squid.conf
...
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
...
acl our_networks src 192.168.100+X.0/24
acl full_access src 192.168.100+X.100 192.168.100+X.101

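# NOTE: keep only the deny_hosts line that matches your OS.
# NOTE: url_regex patterns are unanchored and case-sensitive (add -i to ignore case).
# For HTTPS the proxy sees only host:port in the CONNECT request, so a path pattern
# such as com\/ does not match there unless TLS interception (ssl_bump) is configured.
# For FreeBSD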
acl deny_hosts url_regex "/usr/local/etc/squid/deny_hosts.txt"
#For Ubuntu
acl deny_hosts url_regex "/etc/squid/deny_hosts.txt"

http_access allow full_access
http_access allow localhost
http_access allow our_networks !deny_hosts
...
gate# squid -k check

gate# squid -k reconfigure

Авторизация на основе имени пользователя

FreeBSD/Ubuntu

gate# cat squid.conf
...
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
...
# Access for all successfully authenticated users
# (uncomment exactly one of the inetuser definitions below)
#acl inetuser proxy_auth REQUIRED

# Access for users from a list
#acl inetuser proxy_auth user1@CORPX.UN user2@CORPX.UN ...

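# Access for users from a file (use the path for your OS)
# NOTE: proxy_auth_regex treats every line of the file as an unanchored regex,
# so an entry user1 also matches user10. Anchor the entries (e.g. ^user1@), or use
# proxy_auth with the file for exact matching if it holds the full login names.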
#acl inetuser proxy_auth_regex "/etc/squid/group1.acl"
#acl inetuser proxy_auth_regex "/usr/local/etc/squid/group1.acl"

http_access allow inetuser
http_access deny all
...

Авторизация на основе членства в группе

Для file, nis, ldap авторизации

gate# members group1 | tr " " "\n" > /etc/squid/group1.acl

gate# pw groupshow group1 | cut -f4 -d: | tr "," "\n" > /usr/local/etc/squid/group1.acl

gate# squid -k reconfigure

Для winbind авторизации

gate# ntlm_auth --username=user1 --require-membership-of=CORPX\\group1