• Home

  • Documents

  • Securing Squid (Proxy) Using Digest Authentication
7
Securing Squid (Proxy) Using Digest Authentication

Securing Squid (Proxy) Using Digest Authentication

Embed Size (px)

Citation preview

Page 1: Securing Squid (Proxy) Using Digest Authentication

Securing Squid (Proxy)Using Digest Authentication

Page 2: Securing Squid (Proxy) Using Digest Authentication

Authenticasi Method in Squid• The user credentials can be passed from the web browser to the proxy in

several ways. These methods are called authentication schemes.Squid supports the following schemes:

– basic. This is the oldest and most insecure scheme. User name and password are transferred in clear text and can be read by anyone who can access the transferred data. You need to be aware of this and decide if this is acceptable in your environment.

– digest. This a better, more secure authentication scheme. Instead of passing the password in clear text, this scheme uses a hash based on the password and several other parameters.

– NTLM. NTLM is a protocol that is used in several Microsoft network implementations to enable single sign-on across different services. Squid supports NTLM for proxy authentication, although it is not an official HTTP extension.

Page 3: Securing Squid (Proxy) Using Digest Authentication

Recommendation• Usually digest is the best choice, because it is a

standardized and rather secure authentication scheme. However, the current Squid versions (2.5.x) require the passwords to be available in clear text on the system running the proxy in order to create the correct digest hash. This makes it difficult to integrate Squid into an existing authentication environment where passwords are usually only stored as a hash of the actual password. Future versions of the Squid package (starting with version 3.0) will most likely support encrypted passwords for the digest authentication scheme.

Page 4: Securing Squid (Proxy) Using Digest Authentication

Installation

• # apt-get install squid apache2• # vim /etc/squid/squid.conf

find a string “INSERT INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS”

Page 5: Securing Squid (Proxy) Using Digest Authentication

Insert A Code• Code in after the “INSERT….

auth_param digest program /usr/lib/squid/digest_pw_auth -c /etc/squid/passwordauth_param digest children 2000auth_param digest realm pensauth_param digest nonce_garbage_interval 5 minutesauth_param digest nonce_max_duration 30 minutesauth_param digest nonce_max_count 50auth_param digest post_workaround off

acl password proxy_auth REQUIREDacl jarkom src 10.252.108.0/255.255.255.0http_access allow jarkom password

Page 6: Securing Squid (Proxy) Using Digest Authentication

Creating password & Restarting Daemon

• # htdigest -c /etc/squid/password pens idris(entry your password)

• # /etc/init.d/squid restart

Page 7: Securing Squid (Proxy) Using Digest Authentication

Testing

• Open your browser and set your proxy server as localhost on port 3128

• Access a website


Using Squid Proxy for Authentication and Traffic Shaping

Using Squid Proxy for Authentication and Traffic Shaping

Documents
Proxy Squid en Debían

Proxy Squid en Debían

Documents
Squid Proxy Configuration Guide

Squid Proxy Configuration Guide

Documents
Installation Guide Supplement - Forcepoint · Installation Guide Supplement for use with Squid Web Proxy Cache 7 Squid Web Proxy Cache Integration Installation The Squid plug-in must

Installation Guide Supplement - Forcepoint · Installation Guide Supplement for use with Squid Web Proxy Cache 7 Squid Web Proxy Cache Integration Installation The Squid plug-in must

Documents
Manual Proxy Squid

Manual Proxy Squid

Documents
Squid (WWW Proxy Server)

Squid (WWW Proxy Server)

Documents
Project on squid proxy in rhel 6

Project on squid proxy in rhel 6

Technology
(eBook) Squid Proxy Server

(eBook) Squid Proxy Server

Documents
Squid proxy-configuration-guide

Squid proxy-configuration-guide

Technology
Setting Squid Sebagai Transparent Proxy Di Windows Xp

Setting Squid Sebagai Transparent Proxy Di Windows Xp

Documents
Building a Secure Squid Web Proxy

Building a Secure Squid Web Proxy

Documents
for use with SQUID WEB PROXY CACHE - Forcepointkb.websense.com/pf/12/webfiles/WBSN Documentation/v6.3.3/English... · Squid Web Proxy Cache X 7 CHAPTER 1 Introduction Thank you for

for use with SQUID WEB PROXY CACHE - Forcepointkb.websense.com/pf/12/webfiles/WBSN Documentation/v6.3.3/English... · Squid Web Proxy Cache X 7 CHAPTER 1 Introduction Thank you for

Documents
Squid Es Un Proxy Cache Para La Web de Apoyo HTTP

Squid Es Un Proxy Cache Para La Web de Apoyo HTTP

Documents
Features supported by squid proxy server

Features supported by squid proxy server

Technology
Arisnb proxy-squid-monitoring

Arisnb proxy-squid-monitoring

Technology
Caching Proxy 3.5 Setup Guide - downloads.newboundary.com EM… · auth_parambasicprogramC:\Squid\lib\squid\basic_ncsa_auth.exeC:\Squid\etc\squid\.htpasswd auth_parambasicchildren5

Caching Proxy 3.5 Setup Guide - downloads.newboundary.com EM… · auth_parambasicprogramC:\Squid\lib\squid\basic_ncsa_auth.exeC:\Squid\etc\squid\.htpasswd auth_parambasicchildren5

Documents
(Ebook) Squid Proxy Server.pdf

(Ebook) Squid Proxy Server.pdf

Documents
Cara Setting Hit-Queues Tree-Mangle Mikrotik - Squid Proxy External -Lengkap

Cara Setting Hit-Queues Tree-Mangle Mikrotik - Squid Proxy External -Lengkap

Documents
Install Guide Supplement for use with Squid Web Proxy Cache

Install Guide Supplement for use with Squid Web Proxy Cache

Documents
Bandwidth Management with the Squid Caching Proxy Server Guy Antony Halse

Bandwidth Management with the Squid Caching Proxy Server Guy Antony Halse

Documents
Bandwidth Management with the Squid Caching Proxy Server fileQuick Overview of Squid • Squid is a caching proxy server. • It’s the open-source equivalent of products like Novell’s

Bandwidth Management with the Squid Caching Proxy Server fileQuick Overview of Squid • Squid is a caching proxy server. • It’s the open-source equivalent of products like Novell’s

Documents
Manual Squid 2.7 Proxy Iltro Contenido Windows

Manual Squid 2.7 Proxy Iltro Contenido Windows

Documents
Longfin Squid, Shortfin Squid - · PDF fileA proxy reference point for MSY ... Like longfin squid, shortfin squid are under the jurisdiction of the MAFMs MS FMP. 7 ii. Production statistics

Longfin Squid, Shortfin Squid - · PDF fileA proxy reference point for MSY ... Like longfin squid, shortfin squid are under the jurisdiction of the MAFMs MS FMP. 7 ii. Production statistics

Documents
Squid - National Chiao Tung University · U 8 Proxy –SQUID Configuration (6) qSample: Reverse Proxy Configuration http_port 80 vhost icp_port 3130 cache_mem 32 MB cache_dir ufs

Squid - National Chiao Tung University · U 8 Proxy –SQUID Configuration (6) qSample: Reverse Proxy Configuration http_port 80 vhost icp_port 3130 cache_mem 32 MB cache_dir ufs

Documents
Manual Sobre Crear Un Proxy Transparente Con PfSense - Squid + SquidGuard - LinuxParty

Manual Sobre Crear Un Proxy Transparente Con PfSense - Squid + SquidGuard - LinuxParty

Documents
The Squid caching proxy Chris Wichura caw@cawtech.com

The Squid caching proxy Chris Wichura [email protected]

Documents
The Squid caching proxy

The Squid caching proxy

Documents
for use with SQUID WEB PROXY CACHEkb.websense.com/pf/12/webfiles/WBSN Documentation/support... · INSTALLATION GUIDE for use with SQUID WEB PROXY CACHE v6.2 Websense Enterprise®

for use with SQUID WEB PROXY CACHEkb.websense.com/pf/12/webfiles/WBSN Documentation/support... · INSTALLATION GUIDE for use with SQUID WEB PROXY CACHE v6.2 Websense Enterprise®

Documents
HTTPS Proxy test with Squid

HTTPS Proxy test with Squid

Documents
tep by Step Install Squid Proxy Server on Fedora 11

tep by Step Install Squid Proxy Server on Fedora 11

Documents