Configuring Basic authentication

3 July 2024

ID 166445

These instructions are applicable if Kaspersky Web Traffic Security was installed from an RPM or DEB package to a ready-to-use operating system. If Kaspersky Web Traffic Security was installed from an ISO file, configuration files for the built-in proxy server cannot be manually changed.

Perform the steps for configuring Basic authentication on the server hosting the Squid service.

To configure authentication, the user account must have superuser rights.

To configure Basic authentication:

  1. Add the following lines into the beginning of the /etc/squid/squid.conf file, depending on the operating system:
    • CentOS or Red Hat Enterprise Linux:

      auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>

      auth_param basic children 10

      auth_param basic realm Squid proxy-caching web server

      auth_param basic casesensitive off

      auth_param basic credentialsttl 1 minute

      acl authenticated_user proxy_auth REQUIRED

      http_access deny !authenticated_user

    • SUSE Linux Enterprise Server:

      auth_param basic program /usr/sbin/basic_ldap_auth -R -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>

      auth_param basic children 10

      auth_param basic realm Squid proxy-caching web server

      auth_param basic casesensitive off

      auth_param basic credentialsttl 1 minute

      acl authenticated_user proxy_auth REQUIRED

      http_access deny !authenticated_user

    • Ubuntu, Debian, or ALT Server:

      auth_param basic program /usr/lib/squid/basic_ldap_auth -R -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>

      auth_param basic children 10

      auth_param basic realm Squid proxy-caching web server

      auth_param basic casesensitive off

      auth_param basic credentialsttl 1 minute

      acl authenticated_user proxy_auth REQUIRED

      http_access deny !authenticated_user

  2. If you want to enable logging of events in debug mode, in the /etc/squid/squid.conf file add the -d parameter to the first string.
    • CentOS or Red Hat Enterprise Linux:

      auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -d -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>

    • SUSE Linux Enterprise Server:

      auth_param basic program /usr/sbin/basic_ldap_auth -R -d -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>

    • Ubuntu, Debian, or ALT Server:

      auth_param basic program /usr/lib/squid/basic_ldap_auth -R -d -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>

    Debug events will be written to the file /var/log/squid/cache.log.

  3. Restart the Squid service. To do so, execute the command:

    service squid restart

Basic authentication will be configured.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.