如何设置 Squid 使其绕过本地网络上客户端的基本身份验证?
How to setup Squid so it bypasses basic auth for clients on localnet?
我有这个 squid 配置文件,它应该通过使用基本身份验证来保护 squid 免受未经身份验证的访问。
Squid 作为 docker 服务运行,我想为所有其他 docker 服务授予未经身份验证的访问权限。我观察到服务在网络范围 10.0.0.1 - 10.0.255.254 中运行(根据 squid 的 access_log)。
当我从 Internet 访问 squid 时,基本身份验证工作正常。
当我从服务 shell 访问 squid 时,它仍在请求身份验证。预期的结果是自由通过。我错过了什么?
#port
http_port 1379
#dns
dns_nameservers 127.0.0.11 146.185.167.43 80.241.218.68 46.182.19.48 85.95.218.42 185.95.218.43 91.239.100.100 89.233.43.71
#logging
access_log /etc/squid/access_log
cache_log /etc/squid/error_log
#authentication
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/squid_auth
auth_param basic children 5
auth_param basic realm Proxy Authentication Required
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
#disable caching
cache deny all
#turn of persistent connections, so round robin works properly
client_persistent_connections off
server_persistent_connections off
#acl's
#local net
acl localnet src 10.0.0.0/16 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
#cache manager
acl manager url_regex -i ^cache_object:// /squid-internal-mgr/
#basic auth
acl auth_users proxy_auth squid
#smtp relaying
acl smtp port 25
acl smtps port 465
acl CONNECT method CONNECT
#safe ports
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
#protect against smtp attacks
http_access allow localhost manager
http_access deny manager
#allow only safe ports
http_access deny !Safe_ports
#prohibit to use the proxy as an smtp relay
http_access deny CONNECT !SSL_ports
http_access deny CONNECT smtp
http_access deny CONNECT smtps
http_access allow localnet
http_access allow localhost
http_access allow auth_users
http_access deny all
#remove headers
via off
forwarded_for off
forwarded_for truncate
follow_x_forwarded_for deny all
request_header_access Cache-Control deny all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
#wire everything to parent
cache_peer hannibal parent 1279 0 no-query default
prefer_direct off
never_direct allow all
您需要(重新)启动docker swarm 服务
我有这个 squid 配置文件,它应该通过使用基本身份验证来保护 squid 免受未经身份验证的访问。
Squid 作为 docker 服务运行,我想为所有其他 docker 服务授予未经身份验证的访问权限。我观察到服务在网络范围 10.0.0.1 - 10.0.255.254 中运行(根据 squid 的 access_log)。
当我从 Internet 访问 squid 时,基本身份验证工作正常。
当我从服务 shell 访问 squid 时,它仍在请求身份验证。预期的结果是自由通过。我错过了什么?
#port
http_port 1379
#dns
dns_nameservers 127.0.0.11 146.185.167.43 80.241.218.68 46.182.19.48 85.95.218.42 185.95.218.43 91.239.100.100 89.233.43.71
#logging
access_log /etc/squid/access_log
cache_log /etc/squid/error_log
#authentication
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/squid_auth
auth_param basic children 5
auth_param basic realm Proxy Authentication Required
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
#disable caching
cache deny all
#turn of persistent connections, so round robin works properly
client_persistent_connections off
server_persistent_connections off
#acl's
#local net
acl localnet src 10.0.0.0/16 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
#cache manager
acl manager url_regex -i ^cache_object:// /squid-internal-mgr/
#basic auth
acl auth_users proxy_auth squid
#smtp relaying
acl smtp port 25
acl smtps port 465
acl CONNECT method CONNECT
#safe ports
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
#protect against smtp attacks
http_access allow localhost manager
http_access deny manager
#allow only safe ports
http_access deny !Safe_ports
#prohibit to use the proxy as an smtp relay
http_access deny CONNECT !SSL_ports
http_access deny CONNECT smtp
http_access deny CONNECT smtps
http_access allow localnet
http_access allow localhost
http_access allow auth_users
http_access deny all
#remove headers
via off
forwarded_for off
forwarded_for truncate
follow_x_forwarded_for deny all
request_header_access Cache-Control deny all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
#wire everything to parent
cache_peer hannibal parent 1279 0 no-query default
prefer_direct off
never_direct allow all
您需要(重新)启动docker swarm 服务