HTTP Proxy with Advanced Authentication in Squid

0
1638

Squid is a proxy/cache application which is used in variety of situations. In this post, we are going to use Squid as a HTTP Proxy.

I have looked up many sites and most of them cover setting up old squid so here is an updated post on setting up Squid3 as a HTTP_Proxy with username and password authentication on Ubuntu. This was tested with 12.04 and should work on 13.04 and 14.04.

Steps:

  1. Update your system and install squid.
  2. Make a backup copy of the squid configuration file.
  3. Create a file to store squid passwords.
  4. Create a user and password.

    You will be requested to add a new password and confirm it as well. Password is limited to 8 characters due to crypt function.
  5. Locate ncsa_auth. To locate the file, you will have to run updatedb first and then locate it.

    This will output the location of ncsa_auth. /usr/lib/squid3/ncsa_auth (The file should be named as ncsa_auth without any extensions. You might get more than one location depending on your system)
  6. Once you have added the user, all you have to do now is three lines to squid.conf. Open the file first for editing,

    Then use the command section to type in /auth_param. This will bring you to the auth_param tag. Go down until the end of the auth_param comments and add the below line, (by default there shouldn’t be anything in auth_param if you just installed squid.. so add this line before the next tag starts)

    6f16b7efb01eb06d66e0ba32b4df8f7a

    23a9d596b29037cc398ebc57aaca2613You will have to change the ncsa_auth location, if you got a different location when locating it. If you followed this tutorial, then the squid_passwd location should be the same.

    Now you can use page down button untill you see the Access Control Section (ACL). Just add this line before the acl SSL_PORT Line.

    5a8ba6a7508a01c6a00e79b2c240a0ce
    And then go the http_access section and add this before every other http_access.

    88173c6c9e25b4cd313c9e983d00ab91Write the changes and Exit using :wq 

  7. Restart squid by using,

    You should see output like,

    Restart it again and if you get something like the above output then the service is running. If you get like this,

    Then you have a problem with your squid.conf or the passwd file.

  8. Now you can connect to the proxy by using your ip, port, username and password. The default port is 3128Connection depends on the browser or system. Once you are connected google My IP to check your public IP.

Using IPv4 and not IPv6

If your public IP shown in google or any other IP address finder site is a IPv6 address then open the squid.conf file again.

search for TAG: dns_v4_first using /TAG: dns_v4_first.

After,

Add,

And restart squid by running,

Now if you check your IP, it should be IPv4 and not IPv6.

More than one IP

If you have more than one IP, then you could open the squid.conf file. Search for http_port 3128 (if you did not change the default port) and before 3128 add your IP and : ,

Restart squid and it should be using the IP you chose.

Anonymizing your Traffic

Open up squid.conf file again. Go to the end of file and add this,

Restart squid.

And now if you go to any proxy detection site, they won’t detect your proxy.

This way your real public IP is safe and no website can see it.

Have any questions ? Comment.