Howto: Squid proxy authentication using ncsa_auth helper

by on December 21, 2006 · 86 comments· LAST UPDATED May 31, 2008

in , ,

For fine control you may need to use Squid proxy server authentication. This will only allow authorized users to use proxy server.

You need to use proxy_auth ACLs to configure ncsa_auth module. Browsers send the user's authentication in the Authorization request header. If Squid gets a request and the http_access rule list gets to a proxy_auth ACL, Squid looks for the Authorization header. If the header is present, Squid decodes it and extracts a username and password.

However squid is not equipped with password authentication. You need to take help of authentication helpers. Following are included by default in most squid and most Linux distros:
=> NCSA: Uses an NCSA-style username and password file.
=> LDAP: Uses the Lightweight Directory Access Protocol
=> MSNT: Uses a Windows NT authentication domain.
=> PAM: Uses the Linux Pluggable Authentication Modules scheme.
=> SMB: Uses a SMB server like Windows NT or Samba.
=> getpwam: Uses the old-fashioned Unix password file.
=> SASL: Uses SALS libraries.
=> NTLM, Negotiate and Digest authentication

Configure an NCSA-style username and password authentication

I am going to assume that squid is installed and working fine.

Tip: Before going further, test basic Squid functionality. Make sure squid is functioning without requiring authorization :)

Step # 1: Create a username/password

First create a NCSA password file using htpasswd command. htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of squid users.
# htpasswd /etc/squid/passwd user1

New password:
Re-type new password:
Adding password for user user1

Make sure squid can read passwd file:
# chmod o+r /etc/squid/passwd

Step # 2: Locate nsca_auth authentication helper

Usually nsca_auth is located at /usr/lib/squid/ncsa_auth. You can find out location using rpm (Redhat,CentOS,Fedora) or dpkg (Debian and Ubuntu) command:
# dpkg -L squid | grep ncsa_auth


If you are using RHEL/CentOS/Fedora Core or RPM based distro try:
# rpm -ql squid | grep ncsa_auth


Step # 3: Configure nsca_auth for squid proxy authentication

Now open /etc/squid/squid.conf file
# vi /etc/squid/squid.conf
Append (or modify) following configration directive:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

Also find out your ACL section and append/modify
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

Save and close the file.


  • auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd : Specify squid password file and helper program location
  • auth_param basic children 5 : The number of authenticator processes to spawn.
  • auth_param basic realm Squid proxy-caching web server : Part of the text the user will see when prompted their username and password
  • auth_param basic credentialsttl 2 hours : Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user with password prompt. It is set to 2 hours.
  • auth_param basic casesensitive off : Specifies if usernames are case sensitive. It can be on or off only
  • acl ncsa_users proxy_auth REQUIRED : The REQURIED term means that any authenticated user will match the ACL named ncsa_users
  • http_access allow ncsa_users : Allow proxy access only if user is successfully authenticated.

Restart squid:
# /etc/init.d/squid restart

Now user is prompted for username and password.
Squid proxy authentication using ncsa_auth module

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 86 comments… read them below or add one }

1 marco lunardi December 26, 2006 at 10:11 pm

authentication using ncsa_auth run with proxy transparent ?


2 nixCraft December 27, 2006 at 3:21 am


You cannot use Proxy Authentication transparently


3 Mani M N S July 30, 2007 at 12:55 pm

Is htpasswd is available for download for FreeBSD. (pkg_add requires many components) Is their anyother way to generate password file like htpasswd?


4 Ken Davis August 7, 2007 at 6:17 pm

“Is htpasswd is available for download for FreeBSD. (pkg_add requires many components) Is their anyother way to generate password file like htpasswd?”

– For me on ubuntu I installed apache2-utils, must be something similar on FreeBSD. E.g.:

apt-cache search htpasswd, yields:

apache2-utils – util…

Awesome article btw! Got me up and running with no problems! Thanks!


5 Henyx June 10, 2014 at 3:25 pm

On Centos 6 try:

yum provides \*bin/htpasswd


6 Henyx June 10, 2014 at 3:29 pm

Better yet …. try this one:

yum install httpd-tools


7 Hedwig June 9, 2008 at 9:56 am

i have installed my FreeBSD & Squid with ./configure –enable-delay-pools –enable-arp-acl –enable-auth=”basic” –enable-basic-auth-helpers=”NCSA”
when i want to use ncsa, and i’d like to use htpasswd to create username/password, this command is not found.
what should i do?
where do i have to find the htpasswd command?


8 nixCraft June 9, 2008 at 11:22 am

htpasswd is part of Apache package under FreeBSD. To install goto ports

cd /usr/ports/www/apache22/
make install clean


9 Hedwig June 10, 2008 at 6:09 am

thanks for the response. :)

i’ve succeeded installing the apache, and i can use the htpasswd command.

thanks a lot.

but i have another problem.
i created 1 new user with: htpasswd /usr/local/squid/etc/passwd user1
and it’s succeed.

i also followed the above instructions to have a NCSA-style username and password authentication.
i’ve reconfigure my squid.conf file.

but when i try to browse sites through internet explorer, the authorization doesn’t come up.

Note: i already set the “lan connection + proxy” option.


10 anant tickoo July 15, 2008 at 1:36 am

using squid 2.6
i used the setting above …

acl ncsa_i proxy_auth REQUIRED
http_access allow ncsa_i
if i use this two lines in conf file ..squid fails to restart
i can’t understand were is the bug


11 Shyamal September 13, 2008 at 12:31 pm

i hv configure with your above instration and i am able to get popup for user name and password. after entering password it is not loging it is not autorised.

can u help me ?
when i check the access log file the follow error are there.

waiting for your reply.


12 anant September 13, 2008 at 2:51 pm

hey !! i had problems with the iptables….

you also chack that …

i restored it to original


13 Raja September 14, 2008 at 9:19 am

Hi Shyamal ,

What is the problem is the password file should contain clear text and not digest text.The format of password file is as follows:
so check it I hope it will solve ur issue.


14 Shyamal Thaker September 17, 2008 at 6:06 am

Dear all
Thanks for reply.
What I have done,I have configured only squid.conf with following line , I hv not configured iptable , firewall.

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
#auth_param basic realm squid proxy-caching web server
auth_param basic realm
auth_param basic casesensitive off

acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

Can u help me in detail what component I hv to configured I have just enter the ncsa_auth line in squid.conf that’s it


15 anant September 17, 2008 at 7:10 am

hi ,, you can refer the for the detailed reference of you configuration.

one more thing check the access given to squid_passwd.
and have you register any user in that file …

hope this helps


16 Shyamal Thaker September 17, 2008 at 9:46 am

Dear anant Thanks
for your prompt reply , I want to tell you more thing I hv not installed squid separately I hv installed linux with squid and that /etc/squid/squid.conf I am using.
I have created 2(two) user in that files with help of htpasswd the file permission as below
-rw-r–r– 1 root root 40 Sep 14 02:29 squid_passwd

Waiting for your reply.


17 Raja September 17, 2008 at 11:07 am

Hi Shyamal ,
I told u the same ,it might be created with md5 the solution is remove the file squid_passwd.and try this cmd,

htpasswd -c /etc/squid/squid_passwd user1
htppasswd /etc/squid/squid_passwd user2

add the users how much u want and try again now


18 Shyamal Thaker September 17, 2008 at 12:13 pm

Dear raja
thanks for reply,

it is notworking

password not acepting

[root@rhel squid]# cat squid_passwd
[root@rhel squid]#

or if you are useing gtalk so we can talk online pls give me your email id. here i am giving my gmail id for fast comunication

waiting for your reply.


19 Raja September 19, 2008 at 2:59 am

Hi Shyamal ,

sorry for the delay.I was busy with my Any how what u have done is correct.check the log.and let me know.
u can contact me


20 anant September 19, 2008 at 3:15 am

hey onme liast thing is ur iprange in series of
192.168.1.*. in not then i think you have to still play with ACL.


21 Shyamal Thaker September 19, 2008 at 5:22 am

Dear all
thanks i hv add your id in my database, whenever r u free just online


22 Adam September 20, 2008 at 5:57 pm

Worked perfect, thanks for the article


23 Ahsan ul haq December 31, 2008 at 2:41 pm


i configure my squid file as you describe but when i try to browse sites through internet explorer, the authorization doesn’t come up.
plz reply on


24 killerbees19 December 31, 2008 at 9:11 pm

Hello guys, I just want to say: THANK YOU! :-)
I tried to configure squid since two days, with your tutorial it works. Thanks a lot and a happy new year ;-)

Regards, Christian


25 AnRkey January 28, 2009 at 9:00 am

You guys rock, thanks very much!


26 Helmi Indra January 29, 2009 at 7:17 pm


i’ve configured my squid as above, but squid cannot start anyway, can you trace where my fault is?
here is my conf :
acl login_user proxy_auth REQUIRED
http_access allow login_user

#proxy_auth program
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password
auth_param basic children 5
auth_param basic realm Proxy Badilag
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

and here is the error comment :
> service squid restart
Stopping squid: [OK]
Starting squid: [FAILED]
2009/01/30 02:16:07| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2009/01/30 02:16:07| Starting Authentication on port
2009/01/30 02:16:07| Disabling Authentication on port (interception enabled)
2009/01/30 02:16:07| Can’t use proxy auth because no authentication schemes are fully configured.
FATAL: ERROR: Invalid ACL: acl login_user proxy_auth REQUIRED

Squid Cache (Version 3.0.STABLE10): Terminated abnormally.
CPU Usage: 0.007 seconds = 0.003 user + 0.004 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0

thanks before….


27 macPerl January 31, 2009 at 1:06 pm

Thank you so much.

As a newbie to linux/ubuntu/squid it was an excellent help.


28 Andry February 10, 2009 at 2:31 am

How do you control auth user for blocking some host, i try to limit with acl but it won’t work.

eg. auth user cannot access but other site are ok


29 suvendu kumar mohapatra February 17, 2009 at 3:46 am

When i am trying to open any ineternet sites, the browser is asking for user authentication. When I enter my authentication, I am being able to access the internet. I am using red hat linux. Kindly tell a solution so that the browser will never ask for authentication means the browser will take my user id and password automatically and should not ask me. I am opearated behind a proxy server.


30 Fendy Ahmad March 29, 2009 at 3:44 am

If you guys having this error:

Invalid Proxy Auth ACL 'acl ncsa_users proxy_auth REQUIRED' because no authentication schemes are fully configured.

Just make sure that the code below is set after all the auth_param

acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

Hope this helps.


31 brave February 5, 2014 at 11:45 am

this solution worked out for me. thanks Fendy Ahmad


32 Madhusudhan April 11, 2009 at 4:21 pm

Yes Dear,

It is help full but in the same authuntication can’t get complete user details like from time to time uses for the need use other tools for compile the logs.

Linux Admin


33 earthurcom May 11, 2009 at 2:39 pm

I’ve the same problem than Hedwig, i followed the instruction (and it succeed).
however, when i try to browse sites through internet explorer, the authorization doesn’t come up.

thanks in advance


34 Upasana May 13, 2009 at 11:57 am

HellO guys,

I have to configure a Squid along with an antivirus Gateway (computer Associates). Traffic flows as in the following

End-Users -> Antivirus Gateway -> Squid -> Internet.

I have done almost all works. I could do authentication well. but one more scenery.
1. I want all end-users should be authenticated via Squid (already achieved :-) )
2. Antivirus (CA gateway security) gateway need no authentication from Squid. Its traffic should pass Squid tranperantly. ie, for only one sysytem (ie for gateway server) squid should not pose authentication windows.

Any idea.
Is there a Keyword “NOTREQUIRED” (to use along with proxy_auth).

Please reply


35 alamgir June 5, 2009 at 12:41 pm

I have a Linux server & under that i have 150+ client, i want set authentication user name & password of a website in proxy. Just example my website login user name :test & password :test123 , when any client brows www, then it automatically login that site no required to put user & password.


36 iyke June 18, 2009 at 4:01 pm

i want a server that i can use to connect workstations to the internet so that whenever any user tries to connect even with a computer not part of the workstations (such as a laptop via wireless), the user inputs a username and password earlier assigned to the person. please can squid proxy server do that?


37 Cagri Ersen July 16, 2009 at 2:36 pm

There is a way to get only htpasswd program.

You can just run
make -C /usr/ports/www/apache22

then copy the binary and lib files from the work directory like this:

mkdir /usr/local/sbin/.libs
cp /usr/ports/www/apache22/work/httpd-2.2.11/support/htpasswd /usr/local/sbin/
cp /usr/ports/www/apache22/work/httpd-2.2.11/support/.libs/htpasswd /usr/local/sbin/.libs/

Also you can run
make -C /usr/ports/www/apache22 clean
for cleaning all compiled files. (But you can’t use htpasswd again)

That’s all.


38 JOn October 3, 2009 at 6:12 pm

Another great simple to the point guide.




39 test October 12, 2009 at 4:51 pm

I’ve the same problem than Hedwig, i followed the instruction (and it succeed).
however, when i try to browse sites through internet explorer, the authorization doesn’t come up.


http_access allow ncsa_users

above any other similar lines like:

http_access allow localnet
http_access allow localhost


40 Mo October 30, 2009 at 11:37 pm

Thanks, Awesome manual!!! all went fine,


41 Cygnus November 16, 2009 at 8:22 pm

For those following tutorial and having problems with basic ncsa_auth
check your permissions on /etc/squid/passwd file – proxy or squid should be able to read it, and if you are not running squid as root authentication is going to fail.


42 Roshan December 11, 2009 at 8:09 am

How to configure dns in linux


43 anant tickoo December 12, 2009 at 5:48 pm

search for bind. this is DNS server for Linux..

hope this helps


44 bezt January 1, 2010 at 8:01 pm

Thx for u’re article.
Thats work (^o^)/


45 Myo Khaing January 12, 2010 at 2:56 am

Dear all,
How to do WPAD(Web Proxy Auto Discovery)
Pls tell me about


46 bezt February 1, 2010 at 5:38 pm

This only Authenticate user account. But what about ACL on different user/admin?
U can’t combine ACL with ncsa_auth, I mean what if user login with his password then change his IP to IP admin? .ncsa_auth can’t authenticate user account + IP machine + ACL user. Sorry for my bad English
Any Idea?


47 PROXYGUY February 8, 2010 at 7:16 am

yeah i got it running! but how can i restrict user account to use only once. because the username i created can use multiple times… like if the account is already in use.. the next user with the same account well be denied..


48 RODEL R. BANEZ August 18, 2011 at 12:38 am

ACL Name
Max Logon IPs per user
Strictly Enforced
remember to set Authenticate IP Cache to > 0 in “Authentication Programs Module”


49 Ya mum February 17, 2010 at 6:44 am

Nice! real great explination!



50 Andrius March 24, 2010 at 11:01 pm

For those who got TCP_DENIED/407 error:

Trye username and password from lover case letter.


51 captainoi1 May 4, 2010 at 4:46 pm

thank for the information,
it work.
To others who failed to get the authentication to work, maybe you should check your cache.log files.
At first, the authentication was not working on my server, however after checking on the cache.log file, i found out the password file name was wrong.

thank man


52 wyhteagle May 7, 2010 at 8:04 pm

Thanks for the help everything is running awesome!!!


53 rey May 10, 2010 at 7:42 pm

hi I just make the all tutorial and when make a request the browser ask for user:pass but when I type in the user and pass it don’t allow access,
an important thing is that when I add the first user asuin htpasswd /etc/squid/passwd user1 it returns saying that must use -c then I make

htpasswd -c /etc/squid/passwd user1 and it work it add the user, but after that it don’t ask for a password so this steep don’t show:
New password:
Re-type new password:
Adding password for user user1

instead it create the user and asing a ramdom password, then I edit the file /etc/squid/passwd and I see the user1:5T6uud*9?h so I assume that that’s the username and password, but it don’t work

this is my configuration:

acl internal_network src
http_access allow internal_network

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users


54 Kamran May 27, 2010 at 12:24 pm

nice artical but please any guide me how can I encrypt the clear text password user getting it with sanffirs.


55 Mande U.A. June 23, 2010 at 11:37 am

I have done the steps as you have given. But it is saying that ncsa_auth no such file or directory. pls guide me



56 jason gumarang July 6, 2010 at 2:30 am

Guys..if you cant get the authorization to come out, please try this.

acl ncsa_users proxy_auth REQUIRED (Add this to the bottom of the ACL section of squid.conf)

http_access allow ncsa_users (Add this at the top of the http_access section of squid.conf)

acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl ncsa_users proxy_auth REQUIRED

#Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow ncsa_users
http_access allow manager localhost
http_access allow our_networks
http_access deny manager

hope i solve your problems


57 Mohan August 26, 2010 at 7:20 am

My configuration is
# be allowed
acl our_networks src
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic realm Squid proxy-caching web server
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
http_access allow our_networks

I am getting this error
Aug 26 23:12:49 centos1 squid[4040]: The basicauthenticator helpers are crashing too rapidly, need help!
Aug 26 23:12:49 centos1 squid[4038]: Squid Parent: child process 4040 exited due to signal 6
to signal 6
Aug 26 23:12:55 centos1 squid[4038]: Squid Parent: child process 4059 started

Guys any body please update on this issue.


58 kartik October 27, 2010 at 7:32 pm

I am getting tcp_denied/407 error . What should I do ?


59 x__d November 29, 2010 at 11:24 am

how do i use this htpasswd command

on win[7]x64

i tried but it does not recognise the command

:]] some help with example


60 Ankalagon December 5, 2010 at 8:06 pm


works fine,

thank you very much!


61 Jarkko February 24, 2011 at 7:30 am

Anyone who has the problem that the authentication window pops up but the authentication fails all the time, try this: in squid.conf set auth_param basic casesensitive on

I dont really know why but it worked for me. I spent many hours until I accidentally found this out so I hope this helps somebody.


62 kebo June 22, 2011 at 5:59 am

Stopping squid: [FAILED]
Starting squid: [FAILED]
for that?


63 RODEL R. BANEZ August 6, 2011 at 10:52 am

The info was very interesting but the problem is that. one user account can authenticate multiple times. You should also show us how to limit a user authentication because this is the most important in authentication program is to limit the account login. and how to auto ban the account if its use multiple times in different pc. I hope you can give us a code in squid


64 Juan Garcia October 14, 2011 at 4:56 pm

Followed the example and got the proxy authentication to work successfully…. This is a very nicely written example of how to get started. The only thing I had to do extra, was to install a package that would allow me to run the “htpasswd” command.

Thanks a bunch,



65 LtPitt December 15, 2011 at 10:20 am

What a post!

God bless you.


66 Iska June 8, 2012 at 2:10 pm

Arigatou Gozaimasu,
That’s really work,
and thanks for the explanation, it help me to finish my report . . .

and for the first one who comment this post,
for SQUID 2.5 or latter
if you want to transparent proxy:
you can add “transparent” at squid.conf
http_port 3128 transparent
and after that, run iptables
#iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 80 -j REDIRECT –to-port 3128
and active the fowarding
#echo “1” > /proc/sys/net/ipv4/ip_foward
and restart your squid


67 Mitchelle July 11, 2012 at 9:25 am

We are using squid proxy authentication using samba. Users are given there username and password to authenticate in browser.
Only issue is that it accepts the authentication even if user enters “space” as username and password, can we prohibit empty space to be accepted in authentication.


68 Manikandan July 26, 2012 at 10:34 am

thaks vivek_gite works perfect :) :)

hi pioneers,i have one query

i can look out use of cmd # tailf /var/log/squid/access.log | grep mani
but i need a seperate file for each users

sample user_name || passwd
1.mani || passwdmani file name like “squid_access_mani”
2.Roni || passwdrey file name “squid_access_roni”


69 Prabu K August 31, 2012 at 7:47 am

This is working firebox only. Not working IE…. help me………


70 Akshay September 7, 2012 at 4:20 pm

I did the setting it works fine if I remove intercept from http_port squidip intercept
I like to configure it with intercept or transparent proxy is it possible


71 Akshay September 7, 2012 at 4:27 pm

problem when using transparent proxy how to overcome


72 Govind September 18, 2012 at 12:25 pm

How you have customized the Username Password authentication login ??


73 Akshay September 19, 2012 at 1:53 pm

I have use the username and password that stored in squidpasswd as given in above steps


74 alfrapha September 22, 2012 at 11:26 am

You should not *append* auth_param, but should insert it *before* acl part. Otherwise you will get FATAL error when trying to start squid.


75 MojoQ October 12, 2012 at 12:26 pm

Thanks for this tutorial!
Still works with squid3 but paths must be changed accordingly

Helped me out a lot!


76 Matt November 30, 2012 at 5:03 pm

i have problem:
Client log:
[25:24] Starting: Test 2: Connection through the Proxy Server
[26:25] Error : connection to the proxy server was closed unexpectedly.
Please make sure that the proxy server protocol and address are correct.
[26:25] Test failed.
[26:25] Testing Finished.

Server log:
1354294595.946 60477 ***.***.***.*** TCP_MISS/503 0 CONNECT user1 DIRECT/2607:f8b0:4003:c01::63 -


77 javed June 25, 2013 at 7:19 am

./configure –enable-auth=”basic”
This is not working in squid 3.3.5 at centos 6.4 when i am comiling squid,
Error displayed :
Unrecognized argument.


78 Rajat Ganguly July 17, 2013 at 10:03 am

How will I identify which user, created by above way, has accessed how much data & how will I restrict the user to use upto certain limit of data (download/upload)


79 CR September 2, 2013 at 6:22 am

I my having network that used proxy with authentication.
Is there anyway I can store the proxy server name, username and password in this conf file and then just use the IP address of that machine for accessing internet over other machines directly.


80 Sutanu September 24, 2013 at 5:45 pm

Dear All,

The transparent proxy is also available with “forwarded_for” option, the syntax is

forwarded_for server ip

inside squid.conf file

Love u nixcraft


81 Anees September 30, 2013 at 4:59 pm

can we change the location of password file from /etc/passwd to any other thing?

I try changing and it is not working


82 Ilia June 17, 2014 at 6:13 pm

When using basic_ncsa_auth, does it send password on the very first prompt in plain text and subject to man-in-the-middle attack, right?


83 udiniq August 28, 2014 at 8:49 am

thanks very much for this tutorial. :)


84 soph September 13, 2014 at 11:47 am

# htpasswd /etc/squid/passwd sophie
htpasswd: cannot modify file /etc/squid/passwd; use ‘-c’ to create it
root@silly:/etc/squid3# htpasswd -c /etc/squid/passwd sophie
htpasswd: cannot create file /etc/squid/passwd

Then I gave up.


85 Ilia October 22, 2014 at 4:56 am

You must use -c key as your file doesn’t exist, try using:

htpasswd -c /etc/squid/passwd sophie


86 Yurii February 3, 2015 at 8:46 am

I have a problem with configuring squid 3.1. I have several outgoing ips and i created same amount of users. I want to setup squid so that one user can access to only one outgoing ip. Users use authentication (login/pass) so i tried to make one acl by one proxy_auth. But smth is wrong.
Here is my conf file:

acl manager proto cache_object
acl localhost src ::1
acl to_localhost dst ::1
acl localnet src # RFC1918 possible internal network
acl localnet src # RFC1918 possible internal network
acl localnet src # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

My part on

auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/internet_users
auth_param basic children 5
acl internet_users proxy_auth REQUIRED
http_access allow internet_users

#here i tried to identify user by login and chose to him special outgoing address
acl user1 proxy_auth user1
acl user2 proxy_auth user2
tcp_outgoing_address user1
tcp_outgoing_address yyy.yy.yy.yyy user2

My Part off

http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

internet_users contains user1 and user2 with passwords.

But when i try to connect to proxy server like user1 and after this like user2 squid redirecting me on user1’s outgoing ip in first and second time too. But in the second time squid must use user2’s outgoing ip.

Can someone please point me where i mistaked?


Leave a Comment

Previous post:

Next post: