Sunday, September 22, 2013

Squid proxy authentication using ncsa_auth helper

Step # 1: Create a username/password

First create a NCSA password file using htpasswd command. htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of squid users.
# htpasswd /etc/squid/passwd user1
Output:
New password:
Re-type new password:
Adding password for user user1
Make sure squid can read passwd file:
# chmod o+r /etc/squid/passwd

Step # 2: Locate nsca_auth authentication helper

Usually nsca_auth is located at /usr/lib/squid/ncsa_auth. You can find out location using rpm (Redhat,CentOS,Fedora) or dpkg (Debian and Ubuntu) command:
# dpkg -L squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
If you are using RHEL/CentOS/Fedora Core or RPM based distro try:
# rpm -ql squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth

Step # 3: Configure nsca_auth for squid proxy authentication

Now open /etc/squid/squid.conf file
# vi /etc/squid/squid.conf
Append (or modify) following configration directive:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

Also find out your ACL section and append/modify
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

Save and close the file.
Where,
  • auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd : Specify squid password file and helper program location
  • auth_param basic children 5 : The number of authenticator processes to spawn.
  • auth_param basic realm Squid proxy-caching web server : Part of the text the user will see when prompted their username and password
  • auth_param basic credentialsttl 2 hours : Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user with password prompt. It is set to 2 hours.
  • auth_param basic casesensitive off : Specifies if usernames are case sensitive. It can be on or off only
  • acl ncsa_users proxy_auth REQUIRED : The REQURIED term means that any authenticated user will match the ACL named ncsa_users
  • http_access allow ncsa_users : Allow proxy access only if user is successfully authenticated.
Restart squid:
# /etc/init.d/squid restart
Now user is prompted for username and password.

Source: http://www.cyberciti.biz/tips/linux-unix-squid-proxy-server-authentication.html
Posted by at No comments:

Thursday, September 12, 2013

How to download entire website using wget


$ wget \
    --recursive \
    --no-clobber \
    --page-requisites \
    --html-extension \
    --convert-links \
    --restrict-file-names=windows \
    --domains website.org \
    --no-parent \
        http://www.domainname.com/tutorials/

Posted by at No comments:
Subscribe to: Comments (Atom)