Configuring squid with custom authentication helper in accelerator mode (reverse proxy)_问答_开发者

Configuring squid with custom authentication helper in accelerator mode (reverse proxy)

开发者 https://www.devze.com 2023-01-27 08:51 出处：网络

I need to configure Squid as a reverse proxy with a custom authentication helper for each incoming requests. Every request to Squid is assumed to be with basic authentication. Any connection which fails the authentication, should be terminated. I am a newbie in Squid. Following is the configuration script I have used. This sample is to access "mindofaprogrammer.blog.com",

acl all src all
acl manager proto cache_object

http_port 80 accel defaultsite=mindofaprogrammer.blog.com
cache_peer mindofaprogrammer.blog.com parent 80 0 no-query originserver name=myAccel

acl myblog dstdomain mindofaprogrammer.blog.com
http_access allow myblog
cache_peer_access myAccel allow myblog
cache_peer_access myAccel deny all


auth_param basic program C:/wamp/bin/php/php5.3.0/php.exe "c:/squid/libexec/authhelper.php"
auth_param basic children 2
auth_param basic realm eReader
auth_param basic credentialsttl 5 hours

acl AuthUsers proxy_auth REQUIRED
http_access allow AuthUsers

access_log c:/squid/va开发者_开发百科r/logs/access.log squid
coredump_dir c:/squid/var/cache

I have written the custom authentication helper in a PHP script. The listing of the same is as follows,

<?php
$f = fopen("php://stdin", "r");
while ($line = fgets($f)) {
        $line = trim($line);
        $fields = explode(' ', $line);
        $username = rawurldecode($fields[0]); //1738
        $password = rawurldecode($fields[1]); //1738
        if ($username == 'hello' 
            and $password == 'world') {
                fwrite(STDOUT, "OK\n");
        } else if ($username == 'fo'
            and $password == 'bar') {
                fwrite(STDOUT, "OK\n");
        } else {
                // failed miserably
                fwrite(STDOUT, "ERR\n");
        }
}
?>

The problem I am facing is, even after configuring this, only the reverse proxy settings are working not the authentication. Am I doing something wrong here?

I think you first need to add a http_access deny all at the very bottom.

Then you should combine the two http_access'es into one single line (as the "AND" operator) like this:

http_access allow AuthUsers myblog

Remember that Squid always uses the first line it matches and stops processing further, which in your line http_access allow myblog simply accepts all requests and stops moving down to the authentication part.