在加速器模式下使用自定义身份验证帮助程序配置鱿鱼（反向代理）

发布于 2024-10-05 07:52:18 字数 1553 浏览 6 评论 0 原文

我需要将 Squid 配置为反向代理，并为每个传入请求提供自定义身份验证帮助程序。假定对 Squid 的每个请求都经过基本身份验证。任何未通过身份验证的连接都应终止。我是鱿鱼的新手。以下是我使用过的配置脚本。这个示例是访问“mindofaprogrammer.blog.com”，

acl all src all
acl manager proto cache_object

http_port 80 accel defaultsite=mindofaprogrammer.blog.com
cache_peer mindofaprogrammer.blog.com parent 80 0 no-query originserver name=myAccel

acl myblog dstdomain mindofaprogrammer.blog.com
http_access allow myblog
cache_peer_access myAccel allow myblog
cache_peer_access myAccel deny all


auth_param basic program C:/wamp/bin/php/php5.3.0/php.exe "c:/squid/libexec/authhelper.php"
auth_param basic children 2
auth_param basic realm eReader
auth_param basic credentialsttl 5 hours

acl AuthUsers proxy_auth REQUIRED
http_access allow AuthUsers

access_log c:/squid/var/logs/access.log squid
coredump_dir c:/squid/var/cache

我在PHP脚本中编写了自定义身份验证助手。其列表如下，

<?php
$f = fopen("php://stdin", "r");
while ($line = fgets($f)) {
        $line = trim($line);
        $fields = explode(' ', $line);
        $username = rawurldecode($fields[0]); //1738
        $password = rawurldecode($fields[1]); //1738
        if ($username == 'hello' 
            and $password == 'world') {
                fwrite(STDOUT, "OK\n");
        } else if ($username == 'fo'
            and $password == 'bar') {
                fwrite(STDOUT, "OK\n");
        } else {
                // failed miserably
                fwrite(STDOUT, "ERR\n");
        }
}
?>

我面临的问题是，即使配置了此选项，也只有反向代理设置起作用，而身份验证不起作用。我在这里做错了什么吗？

原文

I need to configure Squid as a reverse proxy with a custom authentication helper for each incoming requests. Every request to Squid is assumed to be with basic authentication. Any connection which fails the authentication, should be terminated. I am a newbie in Squid. Following is the configuration script I have used. This sample is to access "mindofaprogrammer.blog.com",

acl all src all
acl manager proto cache_object

http_port 80 accel defaultsite=mindofaprogrammer.blog.com
cache_peer mindofaprogrammer.blog.com parent 80 0 no-query originserver name=myAccel

acl myblog dstdomain mindofaprogrammer.blog.com
http_access allow myblog
cache_peer_access myAccel allow myblog
cache_peer_access myAccel deny all


auth_param basic program C:/wamp/bin/php/php5.3.0/php.exe "c:/squid/libexec/authhelper.php"
auth_param basic children 2
auth_param basic realm eReader
auth_param basic credentialsttl 5 hours

acl AuthUsers proxy_auth REQUIRED
http_access allow AuthUsers

access_log c:/squid/var/logs/access.log squid
coredump_dir c:/squid/var/cache

I have written the custom authentication helper in a PHP script. The listing of the same is as follows,

<?php
$f = fopen("php://stdin", "r");
while ($line = fgets($f)) {
        $line = trim($line);
        $fields = explode(' ', $line);
        $username = rawurldecode($fields[0]); //1738
        $password = rawurldecode($fields[1]); //1738
        if ($username == 'hello' 
            and $password == 'world') {
                fwrite(STDOUT, "OK\n");
        } else if ($username == 'fo'
            and $password == 'bar') {
                fwrite(STDOUT, "OK\n");
        } else {
                // failed miserably
                fwrite(STDOUT, "ERR\n");
        }
}
?>

The problem I am facing is, even after configuring this, only the reverse proxy settings are working not the authentication. Am I doing something wrong here?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

失眠症患者 2024-10-12 07:52:18

我认为您首先需要在最底部添加 http_access denial all 。

然后，您应该将两个 http_access'es 组合成一行（作为“AND”运算符），如下所示：

http_access allow AuthUsers myblog

请记住，Squid 始终使用它匹配的第一行，并且< strong>停止进一步处理，在您的http_access allowed myblog行中，它只是接受所有请求并停止向下移动到身份验证部分。

I think you first need to add a http_access deny all at the very bottom.

Then you should combine the two http_access'es into one single line (as the "AND" operator) like this:

http_access allow AuthUsers myblog

Remember that Squid always uses the first line it matches and stops processing further, which in your line http_access allow myblog simply accepts all requests and stops moving down to the authentication part.