How do you implement Squid API authentication with a Bash shell script?
- By : Will
- Category : Forward Proxy
1 Preface
One problem, one article, one story.
The author needed to build a custom API authentication for Squid in the Bash shell language, hence this write-up.
2 Best practice
2.1 Environment setup
2.1.1 Confirm the Squid authentication API is available
curl -I -H "code:5818c3ab05ec4515863beaf9f474c40c" -m 10 -o /dev/null -s -w %{http_code} https://api.cmdschool.org/security/verifyCode
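The logic behind the API above has to be written by your own developers; the only requirement is that it returns a one-time password. The command above sends the Basic Auth based account and one-time password to the API. If it returns the following value, the password is correct: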
200
If it returns the following value, the password is wrong:
403
2.1.2 Prepare the Squid server
2.2 Configure the authentication helper
2.2.1 Create the authentication script
vim /usr/lib64/squid/squid_helper.sh
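Add the following content:
#!/bin/bash
# Squid basic-auth helper: reads URL-encoded "username password" lines on
# stdin and answers OK or ERR on stdout.
appUrl='https://api.cmdschool.org/security/verifyCode'
logFile='/var/log/squid/squid_helper.log'
# read splits the line itself, so characters such as * are not glob-expanded
while read -r encUser encPass _; do
    # Undo Squid's %XX escaping
    username=$(printf '%b' "${encUser//%/\\x}")
    password=$(printf '%b' "${encPass//%/\\x}")
    # Ask the API; only the HTTP status code is kept
    response=$(curl -I -H "code:$password" -m 10 -o /dev/null -s -w '%{http_code}' "$appUrl")
    # Note: this line writes the one-time code to the log file
    echo "$(date +"%Y-%m-%d %H:%M:%S") 'staff:$username code:$password status:$response'" >> "$logFile"
    if [ "$response" == "200" ]; then
        echo "OK"
    else
        echo "ERR"
    fi
done
Once the script is created, grant it execute permission with the following command: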
chmod +x /usr/lib64/squid/squid_helper.sh
Then create the log file with the following commands:
touch /var/log/squid/squid_helper.log
chown squid:squid /var/log/squid/squid_helper.log
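The helper above passes the decoded fields straight to curl and to the log file. The following added example (not part of the original article) validates the decoded values first and keeps the one-time code out of the log. It assumes codes are 32 lowercase hex characters like the sample on this page; the names `url_decode`, `verify_code`, `answer_line` and the `serve` argument are illustrative.

```bash
#!/bin/bash
# Added example, not the page's script. Assumption: one-time codes are 32
# lowercase hex characters (like the sample code on this page); adjust CODE_RE.
APP_URL='https://api.cmdschool.org/security/verifyCode'
LOG_FILE=${LOG_FILE:-/var/log/squid/squid_helper.log}
CODE_RE='^[0-9a-f]{32}$'
ENC_RE='^([^%\\]|%[0-9A-Fa-f]{2})*$'   # well-formed %XX escapes, no backslashes

# Decode one Squid-escaped field; fail on anything printf '%b' could misread.
url_decode() {
    [[ $1 =~ $ENC_RE ]] || return 1
    printf '%b' "${1//%/\\x}"
}

# Ask the API about one code (same curl call as the page's helper).
verify_code() {
    curl -I -H "code:$1" -m 10 -o /dev/null -s -w '%{http_code}' "$APP_URL"
}

# Print OK or ERR for one helper input line. $2 names the command that queries
# the API, so the decision logic can be exercised offline with a stub.
answer_line() {
    local verify=${2:-verify_code} rawUser rawPass user code status=rejected
    read -r rawUser rawPass _ <<< "$1"
    if user=$(url_decode "$rawUser") && code=$(url_decode "$rawPass") &&
       [[ $user != *[[:cntrl:]]* && $code =~ $CODE_RE ]]; then
        # Only a code in the expected format ever reaches the HTTP header.
        status=$("$verify" "$code")
    else
        user='(invalid)'   # never write an unchecked name into the log
    fi
    # Log the user and status only; the code itself stays out of the log.
    printf '%s staff:%s status:%s\n' "$(date +'%F %T')" "$user" "$status" >> "$LOG_FILE"
    if [ "$status" = "200" ]; then echo OK; else echo ERR; fi
}

# Helper loop for Squid; runs only when the script is started with "serve".
if [ "${1:-}" = "serve" ]; then
    while read -r line; do answer_line "$line"; done
fi
```

To run this variant under Squid, append `serve` after the helper path on the `auth_param basic program` line.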
2.2.2 Load the authentication script
vim /etc/squid/squid.conf
Add the following configuration:
auth_param basic program /usr/lib64/squid/squid_helper.sh
auth_param basic children 20
auth_param basic realm Username and password
auth_param basic credentialsttl 5 hours
acl AuthenticatedUsers proxy_auth REQUIRED
http_access allow AuthenticatedUsers
After adding the configuration, check its syntax and reload Squid so that it takes effect:
squid -k check
systemctl reload squid
2.3 Test the authentication helper
export http_proxy="http://user:code@10.168.0.80:3128"
export https_proxy="http://user:code@10.168.0.80:3128"
curl http://www.cmdschool.org
curl https://www.cmdschool.org