代理服务器的 Squid 配置

tag-icon tag-icon linux squid
代理服务器的 Squid 配置

我有一台具有 10 个 IP 的服务器,我想通过身份验证授予一些朋友访问权限,但我被困在 squid 的配置文件中。

假设我的服务器上有以下可用的 IP:

  • 212.77.23.10
  • 212.77.1.10
  • 68.44.82.112

我想将它们分别分配给不同的用户,如下所示:

  • 212.77.23.10 分配给用户 manilodisan,密码为 123456
  • 212.77.1.10 分配给用户 manilodisan1,密码为 123456
  • 68.44.82.112 分配给用户 manilodisan2,密码为 123456

我设法添加了密码并且身份验证工作正常,但我该如何将一个用户限制在其中一个可用的 IP 上?

我根据从互联网上找到的不同资料建立了一个基本设置,但似乎没有什么用。这是我的 squid.conf(删除了所有注释以使其更简洁):

acl ip1 myip 212.77.23.10
acl ip2 myip 212.77.1.10
tcp_outgoing_address 212.77.23.10 ip1
tcp_outgoing_address 212.77.1.10 ip2
http_port 8888
visible_hostname weezie

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid-passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users 

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443  # https
acl SSL_ports port 563  # snews
acl SSL_ports port 873  # rsync
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443  # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210  # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280  # http-mgmt
acl Safe_ports port 488  # gss-http
acl Safe_ports port 591  # filemaker
acl Safe_ports port 777  # multiling http
acl Safe_ports port 631  # cups
acl Safe_ports port 873  # rsync
acl Safe_ports port 901  # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow all
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

refresh_pattern ^ftp:  1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern .  0 20% 4320

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

extension_methods REPORT MERGE MKACTIVITY CHECKOUT

hosts_file /etc/hosts

forwarded_for off

coredump_dir /var/spool/squid

答案1

尝试添加以下内容

acl manilodisan proxy_auth manilodisan
acl manilodisan1 proxy_auth manilodisan1
http_access allow ip1 manilodisan
http_access allow ip2 manilodisan1

相关内容