【问题标题】:SQUID: How to disable authentication?SQUID:如何禁用身份验证?
【发布时间】:2013-11-07 05:18:22
【问题描述】:

我有一个可工作的 Squid 进行身份验证。如何暂时禁用身份验证?我可以从 squid.conf 中注释掉以下几行吗:

acl ncsa_users proxy_auth REQUIRED

auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialstt1 2 hours
auth_param basic casesensitive off

或者,我可以只禁用 acl 组的身份验证吗?

提前谢谢你

【问题讨论】:

    标签: linux authentication squid


    【解决方案1】:

    我解决了..我只是注释掉了

    #auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd

    然后注释掉 acl ncsa_users proxy_auth REQUIRED

    #acl ncsa_users proxy_auth REQUIRED

    acl ncsa_users dst 10.244.0.0/16 全部

    然后重启squid

    我希望有人会觉得这很有用。

    【讨论】:

    • squid 根本不以上面开始
    【解决方案2】:

    尝试:

    评论:

    #acl ncsa_users proxy_auth REQUIRED
    #auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd auth_param basic
    #children 5 auth_param basic realm Squid proxy-caching web server auth_param basic  
    #credentialstt1 2 hours auth_param basic casesensitive off
    

    并修改:

    http_access deny all
    

    到:

    http_access allow all 
    

    【讨论】:

    • squid 在您的更改后无法启动。
    【解决方案3】:

    这对我有用,只允许使用 squid 定义的 IP

    ######################## Begin SQUID Config ########################
    dns_v4_first on
    dns_nameservers 8.8.8.8 8.8.4.4
    # should be allowed
    acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    acl localnet src fc00::/7       # RFC 4193 local private network range
    acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
    acl Safe_ports port 1-65535 # unregistered ports
    acl allowed_user1 src  182.0.0.0/12  all
    acl allowed_user2 src  182.1.0.0/12 all
    acl allowed_user3 src  114.120.0.0/12  all
    acl allowed_user4 src  114.124.0.0/12  all
    acl allowed_user5 src  114.125.0.0/12  all
    acl allowed_user6 src  114.127.0.0/12  all
    acl allowed_user7 src  202.3.0.0/12  all
    acl CONNECT method CONNECT
    http_port 8080
    http_access allow allowed_user1
    http_access allow allowed_user2
    http_access allow allowed_user3
    http_access allow allowed_user4
    http_access allow allowed_user5
    http_access allow allowed_user6
    http_access allow allowed_user7
    
    # visible_hostname 192.168.1.1
    ### disable cache ###
    cache deny all
    ### Anonymizing traffic ###
    forwarded_for delete
    request_header_access X-Forwarded-For deny all
    request_header_access Via  deny all
    ############## END squid3 CONFIG ###################
    

    【讨论】:

      【解决方案4】:

      #file /etc/squid/squid.conf

      #squid 版本 3.5.27

      #操作系统ubuntu 18.4

      #last update 20201221

      #cloud aws ec2

      #aws ec2 安全组所有流量开放入站和出站

      http_access 允许所有

      http_port 3128

      acl SSL_ports 端口 443

      acl Safe_ports 端口 80 # http

      acl Safe_ports 端口 21 # ftp

      acl Safe_ports 端口 443 # https

      acl Safe_ports 端口 70 # gopher

      acl Safe_ports 端口 210 # wais

      acl Safe_ports port 1025-65535 #未注册的端口

      acl Safe_ports 端口 280 # http-mgmt

      acl Safe_ports 端口 488 # gss-http

      acl Safe_ports port 591 # filemaker

      acl Safe_ports port 777 #multiling http

      acl CONNECT 方法 CONNECT

      http_access 允许本地管理器

      http_access 允许本地主机

      coredump_dir /var/spool/squid

      refresh_pattern ^ftp: 1440 20% 10080

      refresh_pattern ^gopher: 1440 0% 1440

      refresh_pattern -i (/cgi-bin/|?) 0 0% 0

      refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880

      刷新模式。 0 20% 4320

      【讨论】:

        猜你喜欢
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 2014-10-25
        • 1970-01-01
        • 1970-01-01
        • 2016-09-26
        • 1970-01-01
        • 1970-01-01
        相关资源
        最近更新 更多