Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Tutorial on how to setup a squid proxy with authentication.

Note

This tutorial is for Ubuntu & Squid3. Use AWS, Google cloud, Digital Ocean or any services with Ubuntu to follow this tutorial.

Install squid & update

sudo apt-get update
sudo apt-get install squid3
sudo apt-get install apache2-utils

Setup the password store

Choose a username/password. Example:

username: abc
password: 123

Type in console:

sudo touch /etc/squid/passwords
sudo chmod 777 /etc/squid/passwords
sudo htpasswd -c /etc/squid/passwords [USERNAME]

Replace [USERNAME] with your username, in this example: abc.

You will be prompted for entering the password. Enter and confirm it. This example password: 123.

[Optional] Test the password store

/usr/lib/squid3/basic_ncsa_auth /etc/squid/passwords

After executing this line the console will look like its hung, there is a prompt without any text in it. Enter USERNAME PASSWORD (replacing these with your specific username and password) and hit return. You should receive the response "OK".

If not, review the error message, your username/password might be incorrect. Its also possible basic_ncsa_auth is located on a different path (e.g. lib64).

Config squid proxy

Backup default config file:

sudo mv /etc/squid/squid.conf /etc/squid/squid.conf.original

Make a new configuration files

sudo vi /etc/squid/squid.conf

Enter this in the config file

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive off
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
dns_v4_first on
forwarded_for delete
via off
http_port 8888
  • auth_param basic credentialsttl 24 hours: after 24 hours, user/pass will be asked again.
  • auth_param basic casesensitive off: case sensitive for user is off.
  • dns_v4_first on: use only IPv4 to speed up the proxy.
  • forwarded_for delete: remove the forwarded_for http header which would expose your source to the destination
  • via off: remove more headers to avoid exposing the source.
  • http_port 8888: port 8888 is used for proxy. You can choose any port.

Save the file in vi with [esc]:wq

Start the squid service

Start squid: sudo service squid start

To check service status: service squid status

Restart the squid service and try proxy

Restart squid service sudo service squid restart or sudo systemctl restart squid.service.

Use your proxy with your ip:port. Example: 111.111.222.333:8888 and login with your user/pass.

Caution

You might need to create inbound firewall rule first before using the proxy.

For Google cloud: Firewall. Create an Ingress rule, Target Apply to all, IP range of 0.0.0.0/0, allow TCP:8888, UDP:8888 for all traffic.

@fawazahmed0
Copy link

fawazahmed0 commented May 24, 2021

Thanks

@guidol70
Copy link

guidol70 commented Aug 21, 2022

Cool - a short working instructions. ;)
I did setup a squid proxy, because my Arduino IDE 1.8.19 had problems without proxy to download some index.json files.

My /etc/squid/squid.conf is a litle bit different:

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive off
acl authenticated proxy_auth REQUIRED
acl localnet src 192.168.6.0/24 # RFC1918 possible internal network
http_access allow localnet
http_access deny all
dns_v4_first on
forwarded_for delete
via off
http_port 8888

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment