
Transparent Squid proxy server with password authorization on Ubuntu 11.04

Recently I had the task of implementing some Kerio functions on Linux, namely authorization
of Squid proxy users in transparent mode. Squid itself is quite simple to set up, and the
Internet is full of articles on how to do it, but there was a problem: in transparent mode
(transparent proxy) authorization does not work. Of course, if you have a small number of users
this is not a problem: you disable transparent mode, enter the proxy server in every browser, and that's it.
But when there are many users and computers, and nobody has the opportunity or time to enter
the proxy server on each of them, you have to look for other solutions. One solution is the Squid + PHP + NAT bundle.


All of this was tested, and later ran, on Ubuntu 11.04.
Install: MySQL, PHP5, Apache2, iptables, squid
apt-get install squid mysql-server mysql-client php5 apache2
Enable transparent mode in Squid:
nano /etc/squid/squid.conf
# NETWORK OPTIONS
http_port 192.168.0.1:3128 transparent

Allow traffic to pass through:
echo "1" > /proc/sys/net/ipv4/ip_forward
Configure NAT in iptables:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
Redirect port 80 traffic to our server:
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:80
Add to the /etc/php5/apache2/php.ini file:
extension=pdo.so
extension=pdo_mysql.so

Next, create a database in which the users will be stored:
mysql -u root -p
CREATE DATABASE authphp CHARACTER SET utf8;

Connect to the new database:
\r authphp
Create a table with login and password fields
CREATE TABLE User (login CHAR(20), password CHAR(20));
Add data to the table
INSERT INTO User VALUES ('user','qwerty');
Exit the mysql console
\q
So we created a database and put the user “user” there with the password “qwerty”.
Next comes the PHP script itself, which performs the authorization.
To work with the database I used the RedBeanPHP library, which can be downloaded from its
official site.
Contents of the index.php file:
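<?php
require('rb.php');

// Client address as seen by Apache. It is interpolated into shell commands
// below, so accept only a well-formed IPv4 address and quote it.
$ip = filter_var(getenv("REMOTE_ADDR"), FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
if ($ip === false) {
    header('HTTP/1.0 400 Bad Request');
    die("Otkaz");
}
$src = escapeshellarg($ip);

R::setup('mysql:host=localhost;dbname=authphp','root','qwerty');

// Credentials from HTTP Basic authentication (absent on the first request).
$login    = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
$password = isset($_SERVER['PHP_AUTH_PW'])   ? $_SERVER['PHP_AUTH_PW']   : '';

// The password is compared in plaintext, as it is stored in the User table.
if ($user = R::findOne('User', ' login = ? and password = ?', array($login, $password))) {
    header('Location: next.html');
    // The web server user must be allowed to run iptables through sudo.
    // Remove the catch-all DNAT rule, (re)add the REDIRECT to Squid for this
    // client, then put the catch-all back so that it stays last in the chain.
    system("sudo iptables -t nat -D PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:80");
    system("sudo iptables -t nat -D PREROUTING -s $src -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128");
    system("sudo iptables -t nat -A PREROUTING -s $src -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128");
    system("sudo iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:80");
    exit(0);
}

// No valid credentials: ask the browser for a login and password.
// "Otkaz" means "Denied".
$title = "Squid Server";
header('HTTP/1.0 401 Unauthorized');
header('WWW-Authenticate: Basic realm="'.$title.'"');
die("Otkaz");

?>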


Contents of the next.html file:
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://google.ru">

Thus, a user who wants to access the Internet is first redirected to the server where
the PHP script is running. After the user has entered a login and password, rules are added
to iptables, and the user's port 80 traffic is redirected to Squid on port 3128.
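
index.php builds its iptables commands from the client address and needs the web server user to run iptables through sudo. The following is an added example, not code from the original article: a small wrapper script that validates the address itself, so that sudo rights can be granted for this one script instead of for iptables as a whole. The subnet, portal address and Squid port are the article's values; the script name portal-allow.sh, the function names and the IPT variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article: a wrapper that index.php could
# call through sudo instead of raw iptables. The subnet, portal address and
# Squid port are the article's; the function names and IPT are hypothetical.

LAN_PREFIX="192.168.0"       # client subnet 192.168.0.0/24
PORTAL="192.168.0.1:80"      # Apache login page
SQUID_PORT=3128
IPT=${IPT:-iptables}         # IPT="echo iptables" prints the rules instead

# Succeed only for a host address 192.168.0.2 .. 192.168.0.254
# (not the network address, the proxy's own .1, or the broadcast address).
valid_client_ip() {
    case "$1" in
        "$LAN_PREFIX".*) ;;
        *) return 1 ;;
    esac
    last=${1#"$LAN_PREFIX".}
    case "$last" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or any non-digit
    esac
    [ "${#last}" -le 3 ] && [ "$last" -ge 2 ] && [ "$last" -le 254 ]
}

# Put the client's REDIRECT to Squid above the catch-all DNAT to the portal,
# in the same order as the four system() calls in index.php.
portal_allow() {
    valid_client_ip "$1" || { echo "rejected client address" >&2; return 1; }
    catch_all="-s $LAN_PREFIX.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination $PORTAL"
    client="-s $1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
    # Deleting a rule that is not there fails; that is expected on first login.
    $IPT -t nat -D PREROUTING $catch_all 2>/dev/null || true
    $IPT -t nat -D PREROUTING $client 2>/dev/null || true
    rc=0
    $IPT -t nat -A PREROUTING $client || rc=$?
    # Always restore the catch-all, even if adding the client rule failed.
    $IPT -t nat -A PREROUTING $catch_all || rc=$?
    return $rc
}

# Usage: portal-allow.sh <client-ip>
if [ -n "${1:-}" ]; then
    portal_allow "$1"
fi
```

Running it with IPT="echo iptables" in the environment prints the four rules without touching the firewall.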

That is actually all. Of course, you can polish this and make it look more
like Kerio; you can also make the connection drop after an hour
and require authorization again. In general, there is room for creativity.
I hope it will be useful to someone. Good luck.

Source: https://habr.com/ru/post/140052/

