SQUID on Ubuntu Setup with Authentication
So I volunteered to get it done. Here goes nothing.
First lets install SQUID (on Ubuntu)
ahmed@ahmed-work-horse:~$ sudo apt-get install squid
- By Default proxy will be running on port 3128
- And will deny all connections 🙂
- you can change this by changing the line below in /etc/squid/squid.conf file.
- # is a comment in conf file
#http_access deny !Safe_ports
- Replace the above line with line below
http_access allow Safe_ports
http_access allow all
Creating a user
- First create a user password file using htpasswd command.
- htpasswd is used to create username and password for basic authentication of squid users.
ahmed@ahmed-work-horse:~$ sudo htpasswd -c /etc/squid/passwd proxy_user
Re-type new password:
Adding password for user proxy_user
- Make sure squid can read passwd file:
ahmed@ahmed-work-horse:~$ sudo chmod o+r /etc/squid/passwd
- Locate nsca_auth authentication helper
- Usually nsca_auth is located at /usr/lib/squid/ncsa_auth.
- Configure nsca_auth for squid proxy authentication
- Now open /etc/squid/squid.conf file
ahmed@ahmed-work-horse:~$ sudo vi /etc/squid/squid.conf
- Append (or modify) following configration directive:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
- Also find out your ACL section and append/modify
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
- Save and close the file.
- Then restart squid
ahmed@ahmed-work-horse:~$ sudo service squid restart
[sudo] password for ahmed:
squid start/running, process 2166
Below are the details
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd: Specify squid password file and helper program location
auth_param basic children 5: The number of authenticator processes to spawn.
auth_param basic realm Squid proxy-caching web server: Part of the text the user will see when prompted their username and password
auth_param basic credentialsttl 2 hours: Specifies how long squid assumes an externally validated username:password pair is valid for – in other words how often the helper program is called for that user with password prompt. It is set to 2 hours.
auth_param basic casesensitive off: Specifies if usernames are case sensitive. It can be on or off only
acl ncsa_users proxy_auth REQUIRED: The REQURIED term means that any authenticated user will match the ACL named ncsa_users
http_access allow ncsa_users: Allow proxy access only if user is successfully authenticated.
Categories: How To