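Many proxy-scanning tools can quickly discover the proxies we set up. If you do not want strangers using yours, configure Squid to require a username and password: even if a scan finds the proxy, nobody can freeload on it without the credentials.
First, install and configure the Squid proxy. To keep things simple, only a few ACL rules are configured here.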
    [root@iZt4nbb1rjtnkcrx0p7ejzZ ~]# rpm -q squid
    squid-3.1.23-24.el6.x86_64
    [root@iZt4nbb1rjtnkcrx0p7ejzZ ~]#
The configuration file, using the default port 3128:
    [root@iZt4nbb1rjtnkcrx0p7ejzZ ~]# cat /etc/squid/squid.conf
    auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_user.txt
    auth_param basic children 5
    auth_param basic realm Welcome to pycredit's proxy-only web server

    acl squid_user proxy_auth REQUIRED
    # Recommended minimum configuration:

    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http

    http_access deny !Safe_ports
    http_access allow squid_user
    # And finally deny all other access to this proxy
    http_access deny all

    # Squid normally listens to port 3128
    http_port 3128

    # Uncomment and adjust the following to add a disk cache directory.
    cache_dir ufs /var/spool/squid 100 16 256

    # Leave coredumps in the first cache dir
    coredump_dir /var/spool/squid

    # Add any of your own refresh_pattern entries above these.
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320
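The password file referenced above must be generated with the htpasswd command. If the command is missing because httpd is not installed, it is provided by the httpd-tools package: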
    [root@iZt4nbb1rjtnkcrx0p7ejzZ ~]# htpasswd -c /etc/squid/squid_user.txt fanxiaomo
    Adding password for user fanxiaomo
Restart the squid service and test from a browser; the proxy now asks for the username and password before it can be used.
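The check below is an added example, not part of the original article: it reads a squid.conf and reports any `http_access allow` rule that admits clients without a `proxy_auth` ACL, plus a missing auth helper or missing final `deny all`. `SAMPLE_CONF` is a constructed sample built from the directives shown above, and `audit` is a hypothetical helper name.

```python
# Constructed sample mirroring the directives shown in the article's squid.conf.
SAMPLE_CONF = """\
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_user.txt
auth_param basic children 5
acl squid_user proxy_auth REQUIRED
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
http_access deny !Safe_ports
http_access allow squid_user
http_access deny all
http_port 3128
"""


def audit(conf_text):
    """Return a list of findings; an empty list means authentication is enforced."""
    auth_acls, rules, has_helper = set(), [], False
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not tokens:
            continue
        if tokens[:3] == ["auth_param", "basic", "program"]:
            has_helper = True
        elif tokens[0] == "acl" and len(tokens) >= 3 and tokens[2] == "proxy_auth":
            auth_acls.add(tokens[1])
        elif tokens[0] == "http_access" and len(tokens) >= 3:
            rules.append((tokens[1], tokens[2:]))
    findings = []
    if not has_helper:
        findings.append("no 'auth_param basic program' helper configured")
    if not auth_acls:
        findings.append("no proxy_auth ACL defined")
    for action, acls in rules:
        # Squid applies the first matching rule, so an allow rule with no
        # proxy_auth ACL in its condition admits clients without credentials.
        if action == "allow" and not auth_acls.intersection(acls):
            findings.append("allow without authentication: " + " ".join(acls))
    if not rules or rules[-1] != ("deny", ["all"]):
        findings.append("rule list does not end with 'http_access deny all'")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF) or ["OK: every allow rule requires proxy_auth"]:
        print(finding)
```

To audit a live server, pass the contents of /etc/squid/squid.conf to `audit`; rules such as `http_access allow localhost` are reported so they can be reviewed deliberately.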