How to configure HTTP Digest Authentication in Squid
July 18, 2021
Basic authentication is weak because the password is effectively transmitted in plain text: it is only encoded in Base64, not encrypted. See the article “How to hack HTTP Basic and Digest Authentication” for details.
Therefore, it is preferable to use Digest authentication on the Squid proxy server.
Let's start by creating a file with a password hash. This is done with a command like:
sudo htdigest -c /etc/squid/passwd_digest REALM USER
REALM is the scope the credentials apply to. Any string can be used as the REALM, but remember that this same string will later be shown in the form for entering a username and password.
An example of a command that creates a file with a password hash for the mial user:
sudo htdigest -c /etc/squid/passwd_digest 'Squid proxy for HackWare.ru' mial
Example configuration file for HTTP Digest authentication in Squid:
http_port 4080
via off
cache deny all
auth_param digest program /usr/lib/squid/digest_file_auth -c /etc/squid/passwd_digest
auth_param digest children 5
auth_param digest credentialsttl 2 hours
auth_param digest casesensitive on
auth_param digest realm Squid proxy for HackWare.ru
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
http_access deny all
Pay attention to the line “auth_param digest realm Squid proxy for HackWare.ru”. In place of “Squid proxy for HackWare.ru”, enter the same string that you specified when running the htdigest command.
For an explanation of the directives, see the section “Configuring HTTP Basic Authentication in Squid” above.
Note that not only has the helper program (digest_file_auth) been changed, but also the -c option is used after it, followed by the path to the file with the user's password hash. All other directives are similar to HTTP Basic authentication, except that the word “basic” is replaced with the word “digest”.
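The requirement that the realm in the Squid configuration match the realm given to htdigest can be checked mechanically. The Python sketch below is an added example, not part of the original article or of Squid. It assumes the htdigest file format user:realm:MD5(user:realm:password); the user “guest”, the realm “Old realm” and the passwords are constructed sample data.

```python
import hashlib

def ha1(user, realm, password):
    """Hash stored by htdigest: hex MD5 of "user:realm:password"."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

def squid_digest_realm(conf_text):
    """Value of 'auth_param digest realm ...' (everything after 'realm')."""
    for line in conf_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[:3] == ["auth_param", "digest", "realm"]:
            return parts[3].strip()
    return None

def parse_htdigest(passwd_text):
    """Yield (user, realm, hash) for each user:realm:hash line."""
    for line in passwd_text.splitlines():
        if line.count(":") < 2:
            continue  # blank or malformed line
        user, rest = line.strip().split(":", 1)
        realm, digest = rest.rsplit(":", 1)  # the hex hash never contains ':'
        yield user, realm, digest

def realm_mismatches(conf_text, passwd_text):
    """Users whose stored realm differs from the one Squid announces."""
    realm = squid_digest_realm(conf_text)
    return [u for u, r, _ in parse_htdigest(passwd_text) if r != realm]

def password_ok(conf_text, passwd_text, user, password):
    """True if the password reproduces the stored hash under Squid's realm."""
    realm = squid_digest_realm(conf_text)
    stored = {u: h for u, r, h in parse_htdigest(passwd_text) if r == realm}
    return user in stored and stored[user] == ha1(user, realm, password)

# Constructed sample data: realm taken from the article, everything else made up.
CONF = """http_port 4080
auth_param digest program /usr/lib/squid/digest_file_auth -c /etc/squid/passwd_digest
auth_param digest realm Squid proxy for HackWare.ru
"""
PASSWD = "\n".join([
    "mial:Squid proxy for HackWare.ru:" + ha1("mial", "Squid proxy for HackWare.ru", "example-pass"),
    "guest:Old realm:" + ha1("guest", "Old realm", "example-pass"),
])

if __name__ == "__main__":
    print("realm in squid.conf:", squid_digest_realm(CONF))
    print("users with a different realm:", realm_mismatches(CONF, PASSWD))
    print("mial password verifies:", password_ok(CONF, PASSWD, "mial", "example-pass"))
```

Because the realm is part of the hashed string, an entry created under a different realm has to be regenerated with htdigest; editing the realm field in the file by hand leaves a hash that no longer matches.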
See also the Squid setup guide: How to create and configure a Squid proxy server