I use ngx_http_access_module’s allow/deny directives to protect sensitive parts of my websites from public access. But if a website is protected by CloudFlare, or by a DDoS protection/CDN provider that works on the same scheme, your nginx will see only CloudFlare’s IPs, so your blocking rules (or any other IP-based rules, e.g. GeoIP) will not work. This HOWTO is written for CloudFlare. P.S.
PAM authentication is best suited to small (up to 10 users) Squid installations. It is easy to use and does not even need recompilation from source: the required helper ships with the standard configuration (and in the package, of course). You just need to add users to your system. But it hides a little trick: aside from configuring it