Loading...
X

How to configure Squid proxy to work with multiple users

For example, the task is to organize the work of Squid with several users, each of which received an IP address (the same for all) and a port number (individual for each user) as proxy settings. Also, users have an individual username and password. The server has several external IP (in this case, IPv6) addresses, you need to make sure that each of the users goes to an individual IP address.

Let's say at the input we have 127.0.0.1:1000:test1:pass1, and at the output 2a02:f680:1:1100::3d60.

And at the input 127.0.0.1:1001:test2:pass2 and at the output 2a02:f680:1:1100::3d61.

Solution:

We start by filling in user credentials (see also “How to configure HTTP Digest Authentication in Squid”):

sudo htpasswd -c /etc/squid/passwd test1
sudo htpasswd /etc/squid/passwd test2

In the following config file, you need to replace:

  • usernames to names of your choice
  • indicate the desired ports
  • indicate the desired IPv6 or IPv4 addresses both for listening and as outgoing addresses
  • duplicate similar entries for each username (port, IP address)

Content of my /etc/squid/squid.conf file:

# Authentication settings
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive on
auth_param basic realm Squid proxy for HackWare.ru
 
Listening ports
http_port 185.117.153.79:1000
http_port 185.117.153.79:1001
 
# For each port, create an acl with the localport type
acl portA localport 1000
acl portB localport 1001
 
# Link ports and IP addresses
tcp_outgoing_address 2a02:f680:1:1100::3d60 portA
tcp_outgoing_address 2a02:f680:1:1100::3d61 portB

# For each user, create an acl with the proxy_auth type
acl test1_user proxy_auth test1
acl test2_user proxy_auth test2

# Allow two acl bindings to access:
# user test1 and port 1000
# user test2 and port 1001
http_access allow test1_user portA
http_access allow test2_user portB

Continue reading:


Leave Your Observation

Your email address will not be published.