diff --git a/README.md b/README.md index 66b689b..c8dde3c 100644 --- a/README.md +++ b/README.md @@ -126,7 +126,8 @@ This page is the v4.4 manual, and the other version of the manual can be checked - [6.3 SOCKS5 to HTTP(S) + SOCKS5](#63socks5-to-http-socks5) - [6.4 Chain style connection](#64chain-style-connection) - [6.5 Listening on multiple ports](#65listening-on-multiple-ports) - - [6.6 View Help](#56transfer-through-ssh) + - [6.6 Authentication](#66authentication) + - [6.7 View Help](#67view-help) - [7.KCP Configuration](#7kcp-configuration) - [7.1 Configuration introduction](#71configuration-introduction) - [7.2 Configuration details](#72configuration-details) @@ -730,7 +731,49 @@ finish。 In general, listening one port is enough, but if you need to monitor 80 and 443 ports at the same time as a reverse proxy, the -p parameter can support it. The format is:`-p 0.0.0.0:80,0.0.0.0:443`, Multiple bindings are separated by a comma. -#### **6.6.view help** +#### **6.6.Authentication** +SPS supports HTTP(s)\socks5 proxy authentication, which can concatenate authentication, there are four important information: +1:Users send authentication information`user-auth`。 +2:Local authentication information set up`local-auth`。 +3:Set the authentication information accessing to the father proxy`parent-auth`。 +4:The final authentication information sent to the father proxy`auth-info-to-parent`。 +The relationship between them is as follows: + +| user-auth | local-auth | parent-auth | auth-info-to-paren +| ------ | ------ | ------ | ------ +| yes/no | yes    |     yes   |   come from parent-auth   +| yes/no | no | yes | come from parent-auth +| yes/no | yes | no | no +| no | no | no | no +| yes | no | no | come from user-auth + +For SPS proxy we can have username and password to authenticate, and the authentication username and password can be specified on the command line +`./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p ":33080" -a "user1:pass1" -a "user2:pass2"` +if there are multiple users, repeat the -a parameters. +It can also be placed in a file, which is a line to a username: password, and then specified in -F parameter. +`./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p ":33080" -F auth-file.txt` + +If the father proxy is authenticated, the lower level can set the authentication information through the -A parameters, such as: +father proxy:`./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p ":33080" -a "user1:pass1" -a "user2:pass2"` +local proxy:`./proxy sps -S http -T tcp -P 127.0.0.1:8080 -A "user1:pass1" -t tcp -p ":33080" ` + +In addition, SPS proxy, local authentication is integrated with external HTTP API authentication, and we can specify a HTTP URL interface address through the --auth-url parameter, +Then, when there is a user connection, proxy will request this URL by GET way, with the following four parameters, and if the HTTP state code 204 is returned, the authentication is successful. +Other cases consider authentication failure. +for example: +`./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p ":33080" --auth-url "http://test.com/auth.php"` +When the user is connected, proxy will request this URL by GET way("http://test.com/auth.php"), +Four parameters with user, pass, IP, and target: +http://test.com/auth.php?user={USER}&pass={PASS}&ip={IP}&target={TARGET} +user:username +pass:password +ip:user's ip,for example:192.168.1.200 +target: if the client is the HTTP (s) proxy request, this represents the complete URL of the request, and the other cases are empty. + +If there is no -a or -F or --auth-url parameters, local authentication is closed. +If there is no -A parameter, the connection to the father proxy does not use authentication. + +#### **6.7.view help** `./proxy help sps` ### **7.KCP Configuration**