Golfreeze.packetlove.com: Life style of Golfreeze Canon400D Family kammtan.com Jazz Freebsd Unix Linux System Admin guitar Music

All about unix linux freebsd and FAQ for Packetlove.com Web hosting , Mail hosting , VoIP + IP PBX server => All Security via cyber space relate golfreeze task. => Topic started by: golfreeze on กุมภาพันธ์ 01, 2022, 11:46:45 PM

Title: ubuntu20.04 setup proxy with username password authenticated.
Post by: golfreeze on กุมภาพันธ์ 01, 2022, 11:46:45 PM
===install squid on ubuntu20.04
apt update
apt install squid
systemctl status squid.service
systemctl enable squid.service
vi /etc/squid/squid.conf

===start of squid.conf===
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
 # Deny CONNECT to other than secure SSL ports
 http_access deny CONNECT !SSL_ports
 # Only allow cachemgr access from localhost
 http_access allow localhost manager
 http_access deny manager
 # We strongly recommend the following be uncommented to protect innocent
 # web applications running on the proxy server who think the only
 # one who can access services on "localhost" is a local user
 #http_access deny to_localhost
 #
 # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
 #
 include /etc/squid/conf.d/*
 ##allow user pass authen via proxy
 auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwords
 auth_param basic realm proxy
 acl authenticated proxy_auth REQUIRED
 ##add from golf ip whois current ip check via https://whatismyipaddress.com/
 acl localnet src 49.228.38.136
 # Example rule allowing access from your local networks.
 # Adapt localnet in the ACL section to list your (internal) IP networks
 # from where browsing should be allowed
 #http_access allow localnet
 #http_access allow localhost
 http_access allow authenticated
 # And finally deny all other access to this proxy
 http_access deny all
===end of squid.conf===

===after that last step need to install for htaccess password user
apt install apache2-utils
htpasswd -c /etc/squid/passwords axpkl2
systemctl restart squid.service
ufw allow 3128

=====Ip: 116.204.180.2
=====setup proxy user and password
htpasswd  /etc/squid/passwords axpkl3


==test from pc or Macbook (49.228.38.136)
curl -v -x http://axpkl2:pklpkl2@116.204.180.2:3128 http://www.google.com/

=====show log could connect via proxy normally
===tail -f /var/log/squid/access.log
==DENIED
1643733370.341      0 49.228.38.136 TCP_DENIED/407 4051 CONNECT www.google.com:443 axpkl HIER_NONE/- text/html
==CONNECTED
1643733378.519    291 49.228.38.136 TCP_TUNNEL/200 26450 CONNECT www.google.com:443 axpkl2 HIER_DIRECT/142.250.199.36