How to Install a SQUID Proxy Server with SSL / User Authentication Tutorial
Today we will be installing the Squid proxy server, with a few modifications, including SSL support, as well as user / http authentication.
Now let's start off by installing the squid package:
Now the squid server should have started automatically, although if it hasn't, use:
The next step is to start the configuration, so we will start by editing Squid’s config file:
Now we need to define both the port and the IP address our server will be listening on, so locate the following line (and change as needed):
and / or
Bear in mind that if your server is connected to the net, there are going to be two interfaces, both your external IP and internal, hence 127.0.0.1 and XX.XX.XX.XX
Port 3128 is the default port for Squid, although you might want to change this for security reasons.. ^_^
Now the last step is to define which IPs / ranges our proxy server will accept connections from.
An example has been provided below; these values can be added in the “http_access allow” section of the configuration file:
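# our_networks must be defined as an ACL before http_access can refer to it
acl our_networks src 192.168.1.0/24
http_access allow our_networks
# http_access takes ACL names, not raw addresses; "localhost" is the ACL for 127.0.0.1
http_access allow localhost
# http_access allow all   (left commented out: it matches every client, so a deny rule placed underneath would never be reached)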
This lets all devices in the main interface's 192.168.1.0/24 range connect, as well as localhost, and you can define any other range.
If you would like to deny connections from nodes in any other IP range, add the following underneath:
That’s the core of the config completed, now it's time to restart the server and check it out!
Now we have a proxy server, which is listening on XX.XX.XX.XX:3128.
Enter this information into your browser’s proxy config and test it out! Hopefully everything should go smoothly.
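Squid reads the http_access lines top-down and the first line that matches decides, so the position of an allow or deny matters as much as its presence. The script below is an added example, not part of the original tutorial: it walks a rule list the same way for a client that matches a given set of ACLs. Both configs and the function name first_match are constructed for illustration.

```bash
#!/bin/sh
# Added example: walk http_access rules the way Squid does (top-down, first match wins).

# Constructed sample configs.
WEAK_CONF='acl our_networks src 192.168.1.0/24
http_access allow our_networks
http_access allow all
http_access deny all'

FIXED_CONF='acl our_networks src 192.168.1.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all'

# first_match CONF MATCHED_ACLS
#   CONF          squid.conf text
#   MATCHED_ACLS  space-separated names of the ACLs the client matches
# Prints "<action> line <n>" for the deciding rule, or "<action> default".
first_match() {
  printf '%s\n' "$1" | awk -v matched="$2" '
    BEGIN { n = split(matched, m, " "); for (i = 1; i <= n; i++) hit[m[i]] = 1 }
    { sub(/#.*/, "") }                       # drop comments
    $1 == "http_access" {
      last = $2; ok = 1
      for (i = 3; i <= NF; i++) {            # every ACL on the line must match
        name = $i; neg = sub(/^!/, "", name)
        if ((name in hit) == neg) { ok = 0; break }
      }
      if (ok) { print $2 " line " NR; found = 1; exit }
    }
    END {
      if (found) exit
      # No line matched: Squid applies the opposite of the last http_access line.
      if (last == "") { print "deny default"; exit }
      d = (last == "allow") ? "deny" : "allow"
      print d " default"
    }'
}

# A client from outside 192.168.1.0/24 matches only the "all" ACL.
echo "weak config:  $(first_match "$WEAK_CONF" all)"
echo "fixed config: $(first_match "$FIXED_CONF" all)"
```

The fallback branch is the reason to end the list with an explicit `http_access deny all` instead of relying on the default.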
Anonymous Server
----------------
Now if you would like an anonymous proxy server, please see the section below; if not, just skip the next section...
For an anonymous server, search for the “header_access Authorization allow all” line in Squid’s config file and uncomment it and all the “header_access” lines below it, or use this config:
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Disposition allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Location allow all
header_access Content-Range allow all
header_access Content-Type allow all
header_access Cookie allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Location allow all
header_access Range allow all
header_access Referer allow all
header_access Set-Cookie allow all
header_access WWW-Authenticate allow all
header_access All deny all
All done
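To see what the allow-list above actually lets through, the script below applies a shortened copy of it to one request. It is an added example, not part of the original tutorial; the rule set, the request headers and the function name surviving_headers are constructed, and the model assumes every rule uses the "all" ACL, as the list above does.

```bash
#!/bin/sh
# Added example: which request headers survive a header_access allow-list.
# Model: rules are read top-down and the first rule naming the header (or "All")
# decides; a header that no rule names is forwarded unchanged.
# Squid 3.x and later name this directive request_header_access / reply_header_access.

# Constructed, shortened rule set in the style of the list above.
RULES='header_access Host allow all
header_access Cookie allow all
header_access Referer allow all
header_access Authorization allow all
header_access All deny all'

# Constructed request headers.
REQUEST='Host: example.test
User-Agent: ExampleBrowser/1.0
Cookie: session=constructed
Referer: http://example.test/start
From: user@example.test
X-Forwarded-For: 192.168.1.23'

# surviving_headers RULES REQUEST -> names of the forwarded headers, space separated
surviving_headers() {
  printf '%s\n---\n%s\n' "$1" "$2" | awk '
    $0 == "---" { in_req = 1; next }
    !in_req && $1 == "header_access" { n++; name[n] = tolower($2); act[n] = $3; next }
    in_req && index($0, ":") {
      h = substr($0, 1, index($0, ":") - 1); verdict = "allow"
      for (i = 1; i <= n; i++)
        if (name[i] == tolower(h) || name[i] == "all") { verdict = act[i]; break }
      if (verdict == "allow") {
        sep = (out == "") ? "" : " "
        out = out sep h
      }
    }
    END { print out }'
}

echo "forwarded: $(surviving_headers "$RULES" "$REQUEST")"
```

User-Agent, From and X-Forwarded-For are dropped, but Cookie and Referer are on the allow-list and still reach the site, so a returning browser stays recognisable.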
Caching Data
------------
Now if we want squid to cache data we need to go into the configuration file again and uncomment this line:
This specifies where the cached data will be placed, how many MB of storage are available (100), the number of directories for data (16)
and the number of subdirectories for data (256). You can specify this yourself, although I recommend leaving them as they are unless you know what you're doing.
User Authentication
-------------------
We will make use of htpasswd / NCSA.
If you use lighttpd (like myself), please read the following; if you use apache, please proceed to Step 2.
As you might be aware, lighttpd does not support .htpasswd functionality
/etc/init.d/apache stop
This installs htpasswd; you can get the binary from somewhere if you would like :/
STEP 2
------
Now we need to enter the following so htpasswd will create a password file for our proxy:
Make sure Squid can read the file correctly:
Now we need to access the NCSA helper, which I believe is in “/usr/lib/squid/ncsa_auth” if memory serves me correctly.
If in doubt just type the following in the console:
Now we need to edit Squid’s config again and set a few variables:
So locate the following lines:
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
and uncomment them, with the above values ^^^
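Now locate your ACLs in the squid config and add the following lines:
# ncsa_users matches any client that has authenticated through the helper
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users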
Now save / close the file and then we restart Squid!
And test it out in your browser!
Set up the proxy XX.XX.XX.XX:3128
and when browsing you should be prompted for a username / password; enter it and you're away!
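The password file from Step 2 holds one `user:hash` entry per line, and only the account Squid's helper runs under needs to read it. The function below is an added example, not part of the original tutorial: it flags loose permissions and malformed entries. The function name audit_passwd and the sample file, which holds constructed placeholder entries, are assumptions.

```bash
#!/bin/sh
# Added example: sanity checks for the htpasswd-format file the NCSA helper reads.

# audit_passwd FILE -> prints one finding per line; no output means no finding.
audit_passwd() {
  f=$1
  [ -r "$f" ] || { echo "unreadable: $f"; return 0; }
  # The hashes should be readable by the Squid account, not by every local user.
  [ -n "$(find "$f" -maxdepth 0 -perm -004)" ] && echo "world-readable: $f"
  [ -n "$(find "$f" -maxdepth 0 -perm -002)" ] && echo "world-writable: $f"
  awk -F: '
    /^[[:space:]]*$/   { next }
    NF < 2 || $1 == "" { print "malformed line " NR; next }
    $2 == ""           { print "empty password field for " $1 }
    seen[$1]++         { print "duplicate user " $1 }
  ' "$f"
  return 0
}

# Constructed sample file (placeholder hashes, not real credentials).
sample=$(mktemp)
printf '%s\n' 'alice:$apr1$CONSTRUCTED$placeholderhash' \
              'bob:' \
              'alice:$apr1$CONSTRUCTED$otherhash' > "$sample"
chmod 644 "$sample"
audit_passwd "$sample"
rm -f "$sample"
```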
SSL Encryption
--------------
You now have an anonymous proxy that caches data. Now I will be explaining how to encrypt all data from our server to our machine via the proxy.
In simple terms: The proxy (server) will fetch unencrypted data from a website, and then encrypt it and send it to us.
This is useful if you don’t trust your ISP, or you are using a shared network etc.
Type:
Type your password and connect via port 3128.
So SSH is making a tunnel from the proxy, so the data between the proxy and our machine is all encrypted!
Tip:
To actively monitor your squid server you can use the following command:
tail -f /var/log/squid/access.log
This is very useful if you're testing configurations.