I have a server with 10 IPs that I want to give access to some friends via authentication, but I'm stuck on Squid's config file.

Let's say I have these IPs available on my server:

212.77.23.10
212.77.1.10
68.44.82.112

And I want to allocate each one of them to a different user like so:

212.77.23.10 goes to user manilodisan using password 123456
212.77.1.10 goes to user manilodisan1 using password 123456
68.44.82.112 goes to user manilodisan2 using password 123456

I managed to add the passwords and authentication works OK, but how do I restrict one user to one of the available IPs?

I have a basic setup from different bits I found over the internet but nothing seems to work. Here's my squid.conf (all comments are removed to make it lighter):

acl ip1 myip 212.77.23.10
acl ip2 myip 212.77.1.10
tcp_outgoing_address 212.77.23.10 ip1
tcp_outgoing_address 212.77.1.10 ip2
http_port 8888
visible_hostname weezie

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid-passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users 

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443  # https
acl SSL_ports port 563  # snews
acl SSL_ports port 873  # rsync
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443  # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210  # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280  # http-mgmt
acl Safe_ports port 488  # gss-http
acl Safe_ports port 591  # filemaker
acl Safe_ports port 777  # multiling http
acl Safe_ports port 631  # cups
acl Safe_ports port 873  # rsync
acl Safe_ports port 901  # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow all
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

refresh_pattern ^ftp:  1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern .  0 20% 4320

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

extension_methods REPORT MERGE MKACTIVITY CHECKOUT

hosts_file /etc/hosts

forwarded_for off

coredump_dir /var/spool/squid
A: 

Why not just allow access to your squid server by IP?

If you have Webmin, you can try the following:

(This tutorial assumes you have successfully installed both Webmin and Squid on your server.)

Once you have logged in Webmin, on the left you will see “Servers.” Click on that and then click on “Squid Proxy Server.” You may need to fill out some information such as the correct paths for your Squid install. Once you have done that, you will be able to configure Squid through Webmin.

Click on “Ports and Networking” and note what the port is that Squid will be using (default: 3128). This is the port that you will need to enter on your browser in order to use Squid. Then return to the Squid Module Index and click on the “Access Control” button.

At the bottom there is a button called “Create new ACL.” Before you click on that, select “Client Address” from the drop down box next to the button. Now click on the button. On this page, you are going to fill in the following information:

- ACL Name: home_network (you can name this whatever you want, no spaces)
- From IP: the first IP allowed to use Squid. For example, you can type in 192.168.1.0 and that will allow all IPs that start with 192.168.1.
- To IP: Enter the last IP allowed, or you can again use 192.168.1.0
- Netmask: Enter your subnet mask (255.255.255.0)

Click Save. This will return you to the Access Control screen. Click on “Proxy restrictions” at the top. Now click Add proxy restriction. Click the allow button next to Action, and highlight “home_network,” or whatever you named your ACL above. Click Save.

You will now see your new entry at the bottom of the list. On the right hand side click the up arrow to move your new ACL so that it is above the line where the action is “Deny” and the ACLs is all. (Should be one move.) At the very top of the screen click on “Apply Changes.” Then return to the main Squid Proxy Server Page. Click on Stop Squid, allow it to stop, and then click on Start Squid.

You have now completed the setup for Squid on your server. We now need to allow the port you assigned to Squid to pass your firewall. If you are using iptables, add the following line to your iptables:

-A INPUT -p tcp --dport 3128 -j ACCEPT

jini