1. Web Interface (WebGUI)
  2. Network
  3. Web Proxy
  4. Configure squid web proxy interface
  5. Authentication Methods
  6. Local Authentication

Local Authentication

Note: Web proxy must be running in non-transparent (i.e., conventional) mode for authentication.

Authentication Method - Local

None

Local

The Local authentication method (auth_param basic programm) offers the possibility over an internal Squid function to authenticate users with password and user query for the Internet access via HTTP, HTTPS and authenticate WebFTP. To get into the "Global authentication settings", the "Authentication method" needs to be set to "local" and then the "Save and Reload" button should be clicked, whereupon this area should be opened.

Global authentication settings

None

Number of authentication processes

(auth_param basic children)
Specifies the authentication process which can be started. If more authentication processes are needed, so there may be delays during authentication. To correct this behavior, it would help to set the value up (default value are 5).

Authentication cache TTL (in minutes)

(auth_param basic credentialsttl)
Specifies the "time-to-live" value of the cached user data in minutes. This value is measured from the last request (default 60 min.) .

Limit of IP addresses per user

(acl concurrent max_user_ip)
Here you can set how many simultaneous logins per user are permitted (default is empty <-> means any number).

Require authentication for unrestricted source addresses

Unrestricted IP addresses are also subject to local authentication. If this option is disabled, an authentication does not apply to unrestricted IPs.

Authentication realm prompt

(auth_param basic realm)
Here, an individual created text can be edited which will be displayed during the authentication process.

Domains without authentication (one per line)

(dst_noauth.acl)
Defines domains which work also without authentication.

Local user authentication

Gives the ability to adjust the authentication setting.

None

Within User management the Username and Password can be edited. There are three different groups defined.

Extended

Users of this group are not limited by the Time restrictions, Transfer limits and the MIME type filter.

Standard

Users of this group are limited by the Time restrictions, Transfer limits and the MIME type filter.

Disabled

Users from this category are blocked in general.

Change the web access password by the users

By the usage of this address:

https://ipfire:444/cgi-bin/chpasswd.cgi

It is possible for the users without administrative access to the webinterface to change their password for the local authentication.

None

Edit Page ‐ Yes, you can edit!

Older Revisions • May 17, 2020 at 8:13 pm • Jon