Squid user authentication


You can configure Squid to prompt users for a username and password. Squid comes with a program called ncsa_auth that reads any NCSA-compliant encrypted password file. You can use the htpasswd program that comes installed with Apache to create your passwords.

Create the password file. The name of the password file should be /etc/squid/squid_passwd, and you need to make sure that it’s universally readable

touch /etc/squid3/squid_passwd

chmod o+r /etc/squid3/squid_passwd

Use the htpasswd program to add users to the password file. You can add users at anytime without having to restart Squid. In this case, you add a username called admin

htpasswd /etc/squid3/squid_passwd admin

New password:

Re-type new password:

Adding password for user admin

Find your ncsa_auth file using the locate command.

locate ncsa_auth


Edit squid.conf…..specifically, you need to define the authentication program in squid.conf, which is in this case ncsa_auth. Next, create an ACL named ncsa_users with the REQUIRED keyword that forces Squid to use the NCSA auth_param method you defined previously. Finally, create an http_access entry that allows traffic that matches the ncsa_users ACL entry

# Add this to the auth_param section of squid.conf
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd

# Add this to the bottom of the ACL section of squid.conf
acl ncsa_users proxy_auth REQUIRED

# Add this at the top of the http_access section of squid.conf
http_access allow ncsa_users

May be a modified my acl &  http_access will be like this

acl my_network src
acl ncsa_users proxy_auth REQUIRED
acl work_hours time SMTWHFA 07:00-21:00

http_access allow  my_network ncsa_users work_hours

Restart squid 🙂

Screenshot from 2012-12-10 11:51:15







If denied…..

Screenshot from 2012-12-10 11:51:24


One thought on “Squid user authentication

  1. Pingback: raspberry pi - squid3 proxy and ad blocker

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s