简介
squid实现用户名密码认证,白名单限制
配置说明
白名单配置不能用*.aliyun.com通配符,需要用全域名,如*.oss-cn-hangzhou.aliyuncs.com
部署步骤
- 安装squid
yum install squid -y
- 安装http-tools用于创建用户认证信息
yum install perl-Apache-Htpasswd.noarch
htpasswd /etc/squid/passwd xxxx ##创建用户
- 创建认证用户
htpasswd /etc/squid/passwd aiic
- 创建白名单列表/etc/squid/web.list
cat /etc/squid/web.list
openslr.elda.org
docker.com
npm.com
- 修改squid配置
cat /etc/squid/squid.comf
http_port 8080
cache_mem 64 MB
maximum_object_size 4 MB
cache_dir ufs /tmp/squid 100 16 256
access_log /var/log/squid/access.log
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm aicloud
auth_param basic credentialsttl 5 hours
acl weblist dstdomain "/etc/squid/web.list"
acl test proxy_auth REQUIRED
acl CONNECT method CONNECT
http_access deny !weblist
http_access deny !test
http_access allow weblist
http_access allow aicloud
http_access deny all