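Squid + MySQL Authentication
Authenticating against a local file is too much trouble.
I needed a third-party authentication backend, and chose MySQL.
The notes below are recorded for anyone who needs them.
# Server information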
[thsheep@proxy ~]$ hostnamectl
Static hostname: proxy
Icon name: computer-vm
Chassis: vm
Machine ID: 53ce105d2ff73e81b5f54777fbf6095f
Boot ID: 0565112160324810b5fe55fa9e316593
Virtualization: kvm
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-862.14.4.el7.x86_64
Architecture: x86-64
# Install Squid
[thsheep@proxy ~]$ sudo yum install -y squid
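# Install the MySQL authentication dependency (the MySQL authentication helper shipped with Squid needs this library; without it the helper fails with an error)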
[thsheep@proxy ~]$ sudo yum install perl-DBD-mysql
mysql> create database squid;
mysql> grant select on squid.* to 'your_username'@'%' identified by 'your_password';
mysql> CREATE TABLE `passwd` (
`user` varchar(32) NOT NULL default '',
`password` varchar(35) NOT NULL default '',
`enabled` tinyint(1) NOT NULL default '1',
`fullname` varchar(60) default NULL,
`comment` varchar(60) default NULL,
PRIMARY KEY (`user`)
);
mysql> insert into passwd values('testuser','test',1,'Test User','for testing purpose');
# Note: run this on the server where Squid is installed
# /usr/lib64/squid/basic_db_auth --dsn "DBI:mysql:<name of the database you just created>:<your server IP>" --user proxyauth --password proxy2018 --plaintext --persist
[thsheep@proxy ~]$ /usr/lib64/squid/basic_db_auth --dsn "DBI:mysql:squid:xx.xx.xx.xx" --user proxyauth --password proxy2018 --plaintext --persist
testuser test # the test account and password created above
OK
Note: if the helper prints OK, it is working correctly.
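The exchange tested above (one "user password" line in, OK or ERR out) is the whole interface between Squid and a basic authentication helper. The following added example, which is not the author's code and not Squid's basic_db_auth, implements the same check against salted PBKDF2 hashes instead of the plaintext passwords that --plaintext compares. The in-memory SQLite table, the salt$hash storage format, the iteration count and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3
import sys
from urllib.parse import unquote

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example

def hash_password(password, salt=None):
    """Return 'salt_hex$hash_hex' (PBKDF2-HMAC-SHA256) for storage in the table."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def make_db():
    """Constructed sample data; in-memory SQLite stands in for the MySQL passwd table."""
    db = sqlite3.connect(":memory:")
    # The password column must be wider than the page's varchar(35) to hold a hash.
    db.execute("CREATE TABLE passwd (user TEXT PRIMARY KEY, "
               "password TEXT NOT NULL, enabled INTEGER NOT NULL DEFAULT 1)")
    db.executemany("INSERT INTO passwd VALUES (?, ?, ?)", [
        ("testuser", hash_password("test"), 1),
        ("olduser", hash_password("test"), 0),  # disabled account
    ])
    return db

def check_line(db, line):
    """Answer one request line ('user password', each URL-encoded) with OK or ERR."""
    parts = line.strip().split(" ")
    if len(parts) != 2:
        return "ERR"
    user, password = (unquote(p) for p in parts)
    row = db.execute("SELECT password FROM passwd WHERE user = ? AND enabled = 1",
                     (user,)).fetchone()  # bound parameter, never string-built SQL
    if row is None:
        return "ERR"
    salt_hex, stored = row[0].split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), ITERATIONS)
    return "OK" if hmac.compare_digest(candidate.hex(), stored) else "ERR"

if __name__ == "__main__":
    db = make_db()
    for request in sys.stdin:  # Squid writes one request per line and reads one reply
        print(check_line(db, request), flush=True)
```

Run stand-alone, it behaves like the session above: type "testuser test" and it prints OK.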
Below is the complete Squid configuration file.
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
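# Deny requests to certain unsafe ports
#http_access deny !Safe_ports
# http_access rules are evaluated in order and the first match wins, so an
# "allow !Safe_ports" rule here would let requests to ports outside Safe_ports
# through before the proxy_auth rule below is reached, without authentication.
#http_access allow !Safe_ports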
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
#http_access deny allow !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
#http_access deny !localnet
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
#http_access deny all
# Squid normally listens to port 3128
http_port 0.0.0.0:3128
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
auth_param basic program /usr/lib64/squid/basic_db_auth --dsn "DBI:mysql:squid:<replace with IP>" --user proxyauth --password proxy2018 --plaintext --persist
auth_param basic children 10
auth_param basic realm PleaseSignIn
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl db-auth proxy_auth REQUIRED
http_access allow db-auth
http_access deny all
via off
cache deny all
# Use either "forwarded_for off" or "forwarded_for delete" (one directive, one value)
forwarded_for delete
follow_x_forwarded_for deny all
request_header_access From deny all
request_header_access Server deny all
request_header_access WWW-Authenticate deny all
request_header_access Link deny all
request_header_access Cache-Control deny all
request_header_access Proxy-Connection deny all
request_header_access X-Cache deny all
request_header_access X-Cache-Lookup deny all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
request_header_access Pragma deny all
request_header_access Keep-Alive deny all
# Check the configuration file; no error output means the configuration is valid
[thsheep@proxy ~]$ sudo squid -k parse
[thsheep@proxy ~]$ sudo systemctl start squid
# Check that it is listening on the expected port
[thsheep@proxy ~]$ netstat -nlt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN
For testing in a browser you can use the SwitchyOmega extension.
#!/usr/bin/python3
"""
-------------------------------------------------
File Name: main
Description :
Author : thsheep
date: 2018/11/27
-------------------------------------------------
Change Activity:
2018/11/27:
-------------------------------------------------
"""
__author__ = 'thsheep'
import requests

if __name__ == '__main__':
    # Send plain-HTTP requests through the Squid proxy with the test account
    proxies = {
        "http": "http://testuser:test@xx.xxx.xxx.206:3128",
    }
    response = requests.get("http://www.net.cn/static/customercare/yourip.asp", proxies=proxies)
    response.encoding = 'gb2312'
    print(response.text)
The output is as follows:
That's all!