Home > How To > SQUID on Ubuntu Setup with Authentication

SQUID on Ubuntu Setup with Authentication

Today, My buddy wanted to setup a proxy server for his project.

So I volunteered to get it done. Here goes nothing.

First lets install SQUID (on Ubuntu)
ahmed@ahmed-work-horse:~$ sudo apt-get install squid
  • By Default proxy will be running on port 3128
  • And will deny all connections 🙂
  • you can change this by changing the line below in /etc/squid/squid.conf file.
  • # is a comment in conf file 
#http_access deny !Safe_ports
  • Replace the above line with line below
http_access allow Safe_ports
or
http_access allow all

Creating a user
  • First create a user password file using htpasswd command. 
  • htpasswd is used to create username and password for basic authentication of squid users.
ahmed@ahmed-work-horse:~$ sudo htpasswd -c /etc/squid/passwd proxy_user
New password: 
Re-type new password: 
Adding password for user proxy_user
  • Make sure squid can read passwd file:
ahmed@ahmed-work-horse:~$ sudo chmod o+r /etc/squid/passwd
  • Locate nsca_auth authentication helper
  • Usually nsca_auth is located at /usr/lib/squid/ncsa_auth.
  • Configure nsca_auth for squid proxy authentication
  • Now open /etc/squid/squid.conf file
ahmed@ahmed-work-horse:~$ sudo vi /etc/squid/squid.conf
  • Append (or modify) following configration directive:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
  • Also find out your ACL section and append/modify
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
  • Save and close the file.
  • Then restart squid
ahmed@ahmed-work-horse:~$ sudo service squid restart
[sudo] password for ahmed: 
squid start/running, process 2166

Below are the details 

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd: Specify squid password file and helper program location
auth_param basic children 5: The number of authenticator processes to spawn.
auth_param basic realm Squid proxy-caching web server: Part of the text the user will see when prompted their username and password
auth_param basic credentialsttl 2 hours: Specifies how long squid assumes an externally validated username:password pair is valid for – in other words how often the helper program is called for that user with password prompt. It is set to 2 hours.
auth_param basic casesensitive off: Specifies if usernames are case sensitive. It can be on or off only
acl ncsa_users proxy_auth REQUIRED: The REQURIED term means that any authenticated user will match the ACL named ncsa_users
http_access allow ncsa_users: Allow proxy access only if user is successfully authenticated.
Advertisements
Categories: How To
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: