[squid-users] Squid-cache authentication is not working
Hello, I installed the Squid-cache on Debian 12, then I installed the Apache utils: $ sudo apt install apache2-utils After it, I did the following steps: $ sudo touch /etc/squid/passwd $ sudo chown proxy /etc/squid/passwd Then: $ sudo htpasswd /etc/squid/passwd jason After it, I opened the "/etc/squid/squid.conf" file and add the following lines to it: auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd auth_param basic children 5 auth_param basic realm Squid Basic Authentication auth_param basic credentialsttl 2 hours acl auth_users proxy_auth REQUIRED http_access allow auth_users http_access deny all Finally: $ sudo systemctl restart squid But, on the client machine, I can visit any website without the username and password. Which part of the configuration is wrong? Thank you. ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid-cache authentication is not working
Hi Alex,Thank you so much for your reply.My Squid-cache server IP is "192.168.1.2".I use Mozilla Firefox and set the proxy to "192.168.1.2:3128".What information do you need to tell you? Sent from Yahoo Mail on Android On Sat, Sep 9, 2023 at 5:56 PM, Alex Rousskov wrote: On 2023-09-09 09:09, Jason Long wrote: > Hello, > I installed the Squid-cache on Debian 12, then I installed the Apache utils: > > $ sudo apt install apache2-utils > > After it, I did the following steps: > > $ sudo touch /etc/squid/passwd > $ sudo chown proxy /etc/squid/passwd > > Then: > > $ sudo htpasswd /etc/squid/passwd jason > > After it, I opened the "/etc/squid/squid.conf" file and add the following > lines to it: > > auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd > auth_param basic children 5 > auth_param basic realm Squid Basic Authentication > auth_param basic credentialsttl 2 hours > acl auth_users proxy_auth REQUIRED > http_access allow auth_users > http_access deny all > > > Finally: > $ sudo systemctl restart squid > > But, on the client machine, I can visit any website without the username and > password. > Which part of the configuration is wrong? Many things could go wrong, but I would start from the beginning: Perhaps the client (browser) is not configured to use the proxy? Do you see client transactions reflected in Squid access.log? Anything in Squid cache.log? HTH, Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid-cache authentication is not working
Hello, Thanks again. You right, I must move the following lines after the authentication lines: http_access allow localnet http_access allow localhost http_access deny all It worked. On Sunday, September 10, 2023 at 01:57:32 AM GMT+3:30, Alex Rousskov wrote: On 2023-09-09 15:09, Jason Long wrote: > My Squid-cache server IP is "192.168.1.2". > I use Mozilla Firefox and set the proxy to "192.168.1.2:3128". > What information do you need to tell you? Do you see Firefox requests/transactions reflected in Squid access.log? Anything in Squid cache.log? Sorry, I do not know where those logs are on your machine. Typical locations include /var/log/ and /usr/local/squid/var/logs Another thing to check is whether the http_access rules you have added are in the right place. If you simply appended those rules to the default Squid configuration file, then they will not work (because http_access rules above them will be used instead). Default squid.conf marks the place where you should insert custom http_access rules: Look for an "INSERT YOUR OWN RULE(S) HERE" comment. You can check this second theory by removing "http_access allow auth_users" and leaving just the "http_access deny all" rule that you have added earlier. If everything still works, then either Squid does not receive these requests at all (i.e. the first theory) or your access rules are too low (i.e. this second theory). HTH, Alex. > On Sat, Sep 9, 2023 at 5:56 PM, Alex Rousskov > wrote: > On 2023-09-09 09:09, Jason Long wrote: > > > Hello, > > I installed the Squid-cache on Debian 12, then I installed the > Apache utils: > > > > $ sudo apt install apache2-utils > > > > After it, I did the following steps: > > > > $ sudo touch /etc/squid/passwd > > $ sudo chown proxy /etc/squid/passwd > > > > Then: > > > > $ sudo htpasswd /etc/squid/passwd jason > > > > After it, I opened the "/etc/squid/squid.conf" file and add the > following lines to it: > > > > auth_param basic program /usr/lib/squid/basic_ncsa_auth > /etc/squid/passwd > > auth_param basic children 5 > > auth_param basic realm Squid Basic Authentication > > auth_param basic credentialsttl 2 hours > > acl auth_users proxy_auth REQUIRED > > http_access allow auth_users > > http_access deny all > > > > > > Finally: > > $ sudo systemctl restart squid > > > > But, on the client machine, I can visit any website without the > username and password. > > Which part of the configuration is wrong? > > > > Many things could go wrong, but I would start from the beginning: > Perhaps the client (browser) is not configured to use the proxy? Do you > see client transactions reflected in Squid access.log? Anything in > Squid > cache.log? > > HTH, > > Alex. > > > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > https://lists.squid-cache.org/listinfo/squid-users > <https://lists.squid-cache.org/listinfo/squid-users> > ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
[squid-users] Does Squid-cache support SOCKS5 protocol?
Hello,Can I use Squid-cache to set up a SOCKS5 proxy server? Thank you ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Does Squid-cache support SOCKS5 protocol?
Hello, Thank you so much for your reply. Does the Squid-cache team have any plans to add this feature? On Monday, September 11, 2023 at 01:01:55 AM GMT+3:30, Francesco Chemolli wrote: Hi, no, you can't. Squid can be a socks5 client, but not a socks5 server. On Sun, Sep 10, 2023 at 9:56 PM Jason Long wrote: > Hello, > Can I use Squid-cache to set up a SOCKS5 proxy server? > > Thank you > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > https://lists.squid-cache.org/listinfo/squid-users > -- Francesco ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Does Squid-cache support SOCKS5 protocol?
Hello, Thank you so much for your reply. Dante (https://www.inet.no/dante/)? How does it performance? Can it also act as an HTTP server? On Tuesday, September 12, 2023 at 10:08:01 AM GMT+3:30, Matus UHLAR - fantomas wrote: >On 9/11/23 4:23 AM, Jason Long wrote: >>Does the Squid-cache team have any plans to add this feature? On 11.09.23 18:29, Grant Taylor wrote: >Is there a particular reason that you want to see Squid add support as >a SOCKS server verses using a different existing SOCKS server? E.g. >Dante SOCKS server? > >Dante is quite capable and can do a LOT of things. To be frank, having configuration, logging and ACL's on one place made me also think to use SQUID for SOCKS in the past. But for SOCKS I use Dante because of that. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. There's a long-standing bug relating to the x86 architecture that allows you to install Windows. -- Matthew D. Fuller ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
[squid-users] A few things about Squid-cache
Hello,I have some questions:1- What tips should be considered to keep Squid-cache safe? 2- How strong is Squid-cache? How many users can use it at the same time? 3- Can Squid-cache also play the role of a firewall? Something like the Microsoft ForeFront TMG Replacement or the Kemp LoadMaster. Thank you.___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] A few things about Squid-cache
Hello,Thank you so much for your reply.1- Regarding security, what parameters should be changed or added in the configuration file? 2- How to configure Squid-cache service for 1000 clients? On Sat, Sep 23, 2023 at 12:26 AM, Francesco Chemolli wrote: Hi Jason! Squid is a complex piece of software, which is deployed in a vast number of scenarios, some are simpler and some are intensely adversarial and trickier.Securing squid is similar to any other public-facing complex service; it's unfortunately not something that can be explained with a few tips. Regarding how many users Squid can support at the same time, it really depends, mostly on the hardware, services configuration, and user behaviour. On modern hardware, Squid can generally support many users, in the order of several thousands Squid is not a firewall, on most modern Unix-like operating systems, including Linux, FreeBSD, and OpenBSD, that role can be fulfilled by the underlying operating system On Thu, Sep 21, 2023 at 7:59 PM Jason Long wrote: Hello,I have some questions:1- What tips should be considered to keep Squid-cache safe? 2- How strong is Squid-cache? How many users can use it at the same time? 3- Can Squid-cache also play the role of a firewall? Something like the Microsoft ForeFront TMG Replacement or the Kemp LoadMaster. Thank you.___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users -- Francesco ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
