Password Authentication Using NCSA
You can configure Squid to prompt users for a username and password.
Squid comes with a program called ncsa_auth that reads any NCSA-compliant encrypted password file.
You can use the htpasswd program that comes installed with Apache to create your passwords.
1) Create the password file. The name of the password file should be /etc/squid/squid_passwd
[root@jepoy tmp]# touch /etc/squid/squid_passwd
[root@jepoytmp]# chmod o+r /etc/squid/squid_passwd
2) Use the htpasswd program to add users to the password file.
You can add users at anytime without having to restart Squid. In this case, you add a username called www:
[root@jepoy tmp]# htpasswd /etc/squid/squid_passwd www
New password:
Re-type new password:
Adding password for user www
[root@jepoy tmp]#
3) Find your ncsa_auth file using the locate command.
[root@jepoy tmp]# locate ncsa_auth
/usr/lib/squid/ncsa_auth
[root@jepoy tmp]#
4) Edit squid.conf; here's an example:
#
# Add this to the auth_param section of squid.conf
#
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
#
# Add this to the bottom of the ACL section of squid.conf
#
acl ncsa_users proxy_auth REQUIRED
#
# Add this at the top of the http_access section of squid.conf
#
http_access allow ncsa_users
5) This requires password authentication and allows access only during business hours. Once again, the order of the statements is important:
#
# Add this to the auth_param section of squid.conf
#
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
#
# Add this to the bottom of the ACL section of squid.conf
#
acl ncsa_users proxy_auth REQUIRED
acl business_hours time M T W H F 9:00-17:00
#
# Add this at the top of the http_access section of squid.conf
#
http_access allow ncsa_users business_hours
6. Remember to restart Squid for the changes to take effect.
service squid restart