在加速器模式(反向代理)下使用自定义身份验证助手配置 squid

在加速器模式(反向代理)下使用自定义身份验证助手配置 squid

我需要将 Squid 配置为反向代理,并为每个传入请求提供自定义身份验证帮助程序。对 Squid 的每个请求都假定采用基本身份验证。任何身份验证失败的连接都应终止。我是 Squid 新手。以下是我使用的配置脚本。此示例用于访问“mindofaprogrammer.blog.com”,

acl all src all
acl manager proto cache_object

http_port 80 accel defaultsite=mindofaprogrammer.blog.com
cache_peer mindofaprogrammer.blog.com parent 80 0 no-query originserver name=myAccel

acl myblog dstdomain mindofaprogrammer.blog.com
http_access allow myblog
cache_peer_access myAccel allow myblog
cache_peer_access myAccel deny all


auth_param basic program C:/wamp/bin/php/php5.3.0/php.exe "c:/squid/libexec/authhelper.php"
auth_param basic children 2
auth_param basic realm eReader
auth_param basic credentialsttl 5 hours

acl AuthUsers proxy_auth REQUIRED
http_access allow AuthUsers

access_log c:/squid/var/logs/access.log squid
coredump_dir c:/squid/var/cache

我已经在 PHP 脚本中编写了自定义身份验证助手。其列表如下,

<?php
$f = fopen("php://stdin", "r");
while ($line = fgets($f)) {
        $line = trim($line);
        $fields = explode(' ', $line);
        $username = rawurldecode($fields[0]); //1738
        $password = rawurldecode($fields[1]); //1738
        if ($username == 'hello' 
            and $password == 'world') {
                fwrite(STDOUT, "OK\n");
        } else if ($username == 'fo'
            and $password == 'bar') {
                fwrite(STDOUT, "OK\n");
        } else {
                // failed miserably
                fwrite(STDOUT, "ERR\n");
        }
}
?>

我面临的问题是,即使配置了此功能,也只有反向代理设置有效,而身份验证无效。我在这里做错了什么吗?

答案1

显然我没有意识到 Squid 中配置语句的顺序很重要。以下配置对我有用。我在这里发布这篇文章是为了有同样需要的人,

acl all src all
acl manager proto cache_object

auth_param basic program C:/wamp/bin/php/php5.3.0/php.exe "c:/squid/libexec/authhelper.php"
auth_param basic children 2
auth_param basic realm Enter credential to access the service
auth_param basic credentialsttl 5 hours

acl AuthUsers proxy_auth REQUIRED
http_access allow AuthUsers

http_port 80 accel defaultsite=www.google.com
cache_peer www.google.com parent 80 0 no-query originserver name=myAccel

acl GoogleSite dstdomain www.google.com
http_access allow GoogleSite
cache_peer_access myAccel allow GoogleSite
cache_peer_access myAccel deny all

access_log c:/squid/var/logs/access.log squid
coredump_dir c:/squid/var/cache

自定义身份验证助手仍然相同。

相关内容