Howto: Squid proxy authentication using ncsa_auth helper

Posted in Know-How on January 22, 2009 by Paulus Bayu

For fine-grained control you may need Squid proxy server authentication, which allows only authorized users to use the proxy server.
You need to use proxy_auth ACLs to configure the ncsa_auth module. Browsers send the user’s authentication credentials in the Authorization request header. If Squid gets a request and the http_access rule list reaches a proxy_auth ACL, Squid looks for the Authorization header. If the header is present, Squid decodes it and extracts a username and password.
However, Squid does not validate passwords itself; it relies on authentication helpers. The following are included by default with most Squid packages on most Linux distros:

=> NCSA: Uses an NCSA-style username and password file.
=> LDAP: Uses the Lightweight Directory Access Protocol
=> MSNT: Uses a Windows NT authentication domain.
=> PAM: Uses the Linux Pluggable Authentication Modules scheme.
=> SMB: Uses an SMB server like Windows NT or Samba.
=> getpwnam: Uses the old-fashioned Unix password file.
=> SASL: Uses SASL libraries.
=> NTLM, Negotiate and Digest authentication

Configure an NCSA-style username and password authentication

I am going to assume that Squid is installed and working fine.
Tip: Before going further, test basic Squid functionality. Make sure Squid is functioning without requiring authorization.

Step # 1: Create a username/password
First create an NCSA password file using the htpasswd command. htpasswd creates and updates the flat files used to store usernames and passwords for basic authentication of Squid users. The -c option creates the file (overwriting any existing one), so leave it out when adding more users later.

# htpasswd -c /etc/squid/passwd user1

Output:
New password:
Re-type new password:
Adding password for user user1

Make sure Squid can read the passwd file:
# chmod o+r /etc/squid/passwd

Step # 2: Locate the ncsa_auth authentication helper
Usually ncsa_auth is located at /usr/lib/squid/ncsa_auth. You can find its location using the rpm (Red Hat, CentOS, Fedora) or dpkg (Debian and Ubuntu) command:
# dpkg -L squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
If you are using RHEL/CentOS/Fedora Core or another RPM-based distro, try:
# rpm -ql squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth

Step # 3: Configure ncsa_auth for Squid proxy authentication
Now open the /etc/squid/squid.conf file:
# vi /etc/squid/squid.conf
Append (or modify) the following configuration directives:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

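Also find your ACL section and append or modify the following. Squid checks http_access rules in order and stops at the first match, so the allow line must come before any "http_access deny all" line: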
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
Save and close the file.
Where,
• auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd : Specify squid password file and helper program location
• auth_param basic children 5 : The number of authenticator processes to spawn.
• auth_param basic realm Squid proxy-caching web server : Part of the text the user will see when prompted for their username and password.
• auth_param basic credentialsttl 2 hours : Specifies how long Squid assumes an externally validated username:password pair is valid; in other words, how often the helper program is called for that user. It is set to 2 hours.
• auth_param basic casesensitive off : Specifies if usernames are case sensitive. It can be on or off only.
• acl ncsa_users proxy_auth REQUIRED : The REQUIRED term means that any authenticated user will match the ACL named ncsa_users.
• http_access allow ncsa_users : Allow proxy access only if user is successfully authenticated.
Restart squid:
# /etc/init.d/squid restart
Now the user is prompted for a username and password.
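
A check for the password file created in Step 1, as an added example that is not part of the original post: it reports whether the file is readable by every local account (the effect of chmod o+r) and which entries use traditional DES crypt or another weak or unrecognised hash format. The function names and the sample file with placeholder hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an NCSA (htpasswd) file before ncsa_auth uses it.

# Name the hash scheme of one htpasswd hash field (naming only; which
# schemes the helper can verify depends on the Squid build).
hash_scheme() {
    case "$1" in
        '')                       echo "empty" ;;
        '$apr1$'*)                echo "apr1-md5" ;;
        '$2y$'*|'$2a$'*|'$2b$'*)  echo "bcrypt" ;;
        '$5$'*|'$6$'*)            echo "sha2-crypt" ;;
        '{SHA}'*)                 echo "sha1-unsalted" ;;
        *)  # traditional DES crypt() output is exactly 13 characters
            if [ "${#1}" -eq 13 ]; then echo "des-crypt"; else echo "unknown"; fi ;;
    esac
}

# Print one finding per line for file $1; print nothing if none apply.
audit_passwd() {
    f=$1
    # Mode bit 004 set: every local account can read the hashes.
    if [ -n "$(find "$f" -prune -perm -004 2>/dev/null)" ]; then
        echo "FILE world-readable"
    fi
    while IFS=: read -r user hash _rest; do
        [ -n "$user" ] || continue
        case "$(hash_scheme "$hash")" in
            des-crypt)     echo "USER $user des-crypt (only first 8 password chars count)" ;;
            sha1-unsalted) echo "USER $user sha1-unsalted" ;;
            empty)         echo "USER $user empty hash field" ;;
            unknown)       echo "USER $user unknown hash format" ;;
        esac
    done < "$f"
    return 0
}

# Constructed sample file; the hash strings are made-up placeholders.
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
user1:abJnggxhB/yWI
user2:$apr1$Cn3xVYzq$PLACEHOLDERPLACEHOLDER1
user3:
EOF
    chmod 644 "$d/passwd"   # same "other" read bit that chmod o+r sets
    echo "$d/passwd"
}

audit_passwd "$(make_sample)"
```

If the file is restricted to owner and group (for example mode 640), the account Squid runs its helpers under must own the file or belong to its group; that account name varies by distribution.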

Asterisk CLI Command Information

Posted in VoIP on January 21, 2009 by Paulus Bayu

This allows you to run a command as if it were typed into the Asterisk CLI. Examples:

* sip show peers
  o This displays all the known SIP devices, and their state, according to Asterisk
* show channels
  o Shows any channels that are in use at the moment
* soft hangup Zap/1
  o Hangs up the Zap/1 channel

——————————————————————-
General commands
!: Executes a given shell command
abort halt: Cancel a running halt
add extension: Add new extension into context
add ignorepat: Add new ignore pattern
add indication: Add the given indication to the country
debug channel: Enable debugging on a channel
dont include: Remove a specified include from context
help: Display help list, or specific help on a command
include context: Include context in other context
load: Load a dynamic module by name
logger reload: Reopen log files. Use after rotating the log files.
no debug channel: Disable debugging on a channel
pri debug span: Enables PRI debugging on a span
pri intense debug span: Enables REALLY INTENSE PRI debugging
pri no debug span: Disables PRI debugging on a span
remove extension: Remove a specified extension
remove ignorepat: Remove ignore pattern from context
remove indication: Remove the given indication from the country
save dialplan: Overwrites your current extensions.conf file with an exported version based on the current state of the dialplan. A backup copy of your old extensions.conf is not saved. The initial values of global variables defined in the [globals] category retain their previous initial values; the current values of global variables are not written into the new extensions.conf. Note: Using “save dialplan” will result in losing any comments in your current extensions.conf.
set verbose: Set level of verboseness
show agents: Show status of agents
show applications: Shows registered applications
show application: Describe a specific application
show channel: Display information on a specific channel
show channels: Display information on channels
show codecs: Display information on codecs
show conferences: Show status of conferences
show dialplan: Show dialplan
show hints: Show registered hints
show image formats: Displays image formats
show indications: Show a list of all country/indications
show locals: Show status of local channels
show manager command: Show manager commands
show manager connect: Show connected manager users
show parkedcalls: Lists parked calls
show queues: Show status of queues
show switches: Show alternative switches
show translation: Display translation matrix
soft hangup: Request a hangup on a given channel
show voicemail users: List defined voicemail boxes
show voicemail zones: List zone message formats

Server management
restart gracefully: Restart Asterisk gracefully, i.e. stop receiving new calls and restart at empty call volume
restart now: Restart Asterisk immediately
restart when convenient: Restart Asterisk at empty call volume

Note: Restart is more like a reload than a real restart; it just runs the reload routines (thus open ports are not closed). Often you don’t really need to restart Asterisk; instead just, e.g., ‘unload chan_sip.so’ and ‘load chan_sip.so’.
reload: Reload configuration
stop gracefully: Gracefully shut down Asterisk, i.e. stop receiving new calls and shut down at empty call volume
stop now: Shut down Asterisk immediately
stop when convenient: Shut down Asterisk at empty call volume
extensions reload: Reload extensions and only extensions
unload: Unload a dynamic module by name
show modules: List modules and info about them
show uptime: Show uptime information
show version: Display Asterisk version info

AGI commands
show agi: Show AGI commands or specific help
dump agihtml: Dumps a list of agi command in html format

Database handling commands
database del: Removes database key/value
database deltree: Removes database keytree/values
database get: Gets database value
database put: Adds/updates database value
database show: Shows database contents

IAX Channel commands
iax2 debug: Enable IAX debugging
iax2 no debug: Disable IAX debugging
iax2 set jitter: Sets IAX jitter buffer
iax2 show cache: Display IAX cached dialplan
iax2 show channels: Show active IAX channels
iax2 show peers: Show defined IAX peers
iax2 show registry: Show IAX registration status
iax2 show stats: Display IAX statistics
iax2 show users: Show defined IAX users
iax2 trunk debug: Request IAX trunk debug
iax debug: Enable IAX debugging
iax no debug: Disable IAX debugging
iax set jitter: Sets IAX jitter buffer
iax show cache: Display IAX cached dialplan
iax show channels: Show active IAX channels
iax show peers: Show defined IAX peers
iax show registry: Show IAX registration status
iax show stats: Display IAX statistics
iax show users: Show defined IAX users
init keys: Initialize RSA key passcodes
show keys: Displays RSA key information

H323 channel commands
h.323 debug: Enable chan_h323 debug
h.323 gk cycle: Manually re-register with the Gatekeeper
h.323 hangup: Manually try to hang up a call
h.323 no debug: Disable chan_h323 debug
h.323 no trace: Disable H.323 Stack Tracing
h.323 show codecs: Show enabled codecs
h.323 show tokens: Manually try to hang up a call
h.323 trace: Enable H.323 Stack Tracing

SIP channel commands
sip debug: Enable SIP debugging
sip no debug: Disable SIP debugging
sip reload: Reload sip.conf (added after 0.7.1 on 2004-01-23)
sip show channels: Show active SIP channels
sip show channel: Show detailed SIP channel info
sip show inuse: List all inuse/limit
sip show peers: Show defined SIP peers (clients that register to your Asterisk server)
sip show registry: Show SIP registration status (when Asterisk registers as a client to a SIP Proxy)
sip show users: Show defined SIP users

Zap channel commands
soft hangup Zap/1: Hangs up the Zap/1 channel
zap destroy channel: Destroy a channel
zap show channels: Show active zapata channels
zap show channel: Show information on a channel

MGCP channel commands
mgcp audit endpoint: Audit specified MGCP endpoint
mgcp debug: Enable MGCP debugging
mgcp no debug: Disable MGCP debugging
mgcp show endpoints: Show defined MGCP endpoints

Skinny channel commands
skinny debug: Enable Skinny debugging
skinny no debug: Disable Skinny debugging
skinny show lines: Show defined Skinny lines per device

CAPI channel commands
capi debug: Enable CAPI debugging
capi no debug: Disable CAPI debugging
capi info: Show CAPI info

Sirrix ISDN channel commands
srx reload: Reload channel driver configuration; active calls are not terminated!
srx show ccmsgs: Disable / enable output of incoming callcontrol messages.
srx show chans: Show info about B-Channels
srx show globals: Show info about global settings
srx show groups: Show info about configured groups
srx show layers: Show info about ISDN stack (Layer 1, 2, 3)
srx show sxpvts: Show private info about active channels
srx show timers: Show info about running timers

vISDN ISDN channel commands (Driver which supports Euro ISDN for HFC chipsets)
visdn reload: Reloads vISDN configuration from the /etc/asterisk/visdn.conf file
show visdn calls: Shows active calls going through a vISDN channel.
show visdn huntgroups: Shows vISDN huntgroup information configured correctly in visdn.conf.
show visdn interfaces: Shows configured and available vISDN interfaces.
debug visdn generic: Enables generic vISDN debugging
debug visdn q921: Enables q.921 debugging
debug visdn q931: Enables q.931 debugging
no debug visdn generic: Disables generic vISDN debugging
no debug visdn q921: Disables q.921 debugging
no debug visdn q931: Disables q.931 debugging

from : http://www.freepbx.org/trac/wiki/AsteriskCli