How do I: Setup Squid with user authentication and restricted sites
Well, my lab in the Western Cape isn't centralized yet (thank goodness), but I've started experiencing some difficulties with my proxy server, Freeproxy: after a few users connect to the internet, the proxy server fails to respond and I need to restart it.

I decided to try out squid and got it running with basic functions, but I'm in need of some tweaking to my config file that I'm not capable of doing.

I've searched the internet and found some examples, so it is possible, but I couldn't get it working.

I need to add a basic authentication option for users with two accounts named:
Admin - for teachers
Students - for the learners

In doing so I also need to restrict some websites and content for the Students account, but leave the Admin account unrestricted in the sites it can access.

I realize that this might be above most teachers' pay grade, but just maybe someone in here might have the experience needed for this.

If someone could help I would appreciate it.

I will attach my current config code below. I must say, the internet seems way more stable running Squid now.

Code:
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed



acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT



#______________________________________________
# Following will assign the outgoing ip binding

#Format:
#________________________________
#acl ACL_NAME myip IP
        #tcp_outgoing_address 10.4.236.240 myip
#________________________________
#ACL_NAME is a name of your ACL. You can pickup any name you want, keeping in mind that you cannot use spaces and special characters.
#IP is the IP you want to bind in your Squid multiple IPs configuration.
        #acl out-going myip 10.4.236.240
        #tcp_outgoing_address 10.4.236.240 myip


#Define the DNS servers used on the network:
        #dns_nameservers 10.0.241.226






cache_peer 10.0.241.226 parent 3128 0 no-query no-digest
never_direct allow all




#
# Recommended minimum Access Permission configuration:
#

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 8080

# Uncomment the line below to enable disk caching - path format is /cygdrive/<full path to cache folder>, i.e.
#cache_dir aufs /cygdrive/d/squid/cache 7000 16 256


# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320



max_filedescriptors 3200
B.Ed FET: CAT, Accounting (CPUT, Wellington)

Currently teaching:
  • CAT 11 - 12
  • NS 8 - 9
  • SS (Geo + Hist) 5
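One way to express the two-account requirement from the post above in squid.conf, as an added example that is not part of the original post. The helper path, the password-file path and the blocked domains are assumptions or constructed placeholders; the account names Admin and Students come from the post.

```conf
# Added example, not the poster's config.
# ASSUMPTION: helper and password-file locations; adjust to the actual install.
# The NCSA helper is named basic_ncsa_auth in Squid 3.x and later.
# The password file is in htpasswd format, e.g.:
#   htpasswd -c /etc/squid/passwd Admin
#   htpasswd    /etc/squid/passwd Students
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm School proxy
auth_param basic credentialsttl 2 hours

# proxy_auth names are case-sensitive: "Admin" and "admin" are different users.
acl authenticated proxy_auth REQUIRED
acl teachers proxy_auth Admin
acl students proxy_auth Students

# Constructed placeholder domains; a leading dot also matches subdomains.
acl student_blocked dstdomain .example.com .example.net

# These lines REPLACE "http_access allow localnet" and
# "http_access allow localhost" in the posted config. If "allow localnet"
# stays above them, every LAN client is allowed before authentication
# is ever evaluated.
http_access deny !localnet
http_access deny !authenticated
http_access allow teachers

# dstdomain is deliberately the LAST acl on this deny line: when the last
# acl on a deny line is an authentication acl, Squid re-prompts for
# credentials instead of showing the access-denied page.
http_access deny students student_blocked
http_access allow students

# Keep the existing final rule.
http_access deny all
```

Basic authentication sends the username and password base64-encoded, not encrypted, on every request between browser and proxy, so it suits a trusted LAN segment only. The dstdomain list matches HTTPS sites as well, because the hostname is visible in the CONNECT request.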