Squid is a proxy/cache application which is used in variety of situations. In this post, we are going to use Squid as a HTTP Proxy.
I have looked up many sites and most of them cover setting up old squid so here is an updated post on setting up Squid3 as a HTTP_Proxy with username and password authentication on Ubuntu. This was tested with 12.04 and should work on 13.04 and 14.04.
Steps:
- Update your system and install squid.
12sudo apt-get updatesudo apt-get install squid - Make a backup copy of the squid configuration file.
1sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.bk - Create a file to store squid passwords.
12sudo touch /etc/squid3/squid_passwdsudo chown proxy /etc/squid3/squid_passwd - Create a user and password.
123sudo htpasswd -d /etc/squid3/squid_passwd ##username####EXAMPLE##sudo htpasswd -d /etc/squid3/squid_passwd sugavanas
You will be requested to add a new password and confirm it as well. Password is limited to 8 characters due to crypt function. - Locate ncsa_auth. To locate the file, you will have to run updatedb first and then locate it.
12updatedblocate ncsa_auth
This will output the location of ncsa_auth. /usr/lib/squid3/ncsa_auth (The file should be named as ncsa_auth without any extensions. You might get more than one location depending on your system) - Once you have added the user, all you have to do now is three lines to squid.conf. Open the file first for editing,
1vi /etc/squid3/squid.conf
Then use the command section to type in /auth_param. This will bring you to the auth_param tag. Go down until the end of the auth_param comments and add the below line, (by default there shouldn’t be anything in auth_param if you just installed squid.. so add this line before the next tag starts)1auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwdYou will have to change the ncsa_auth location, if you got a different location when locating it. If you followed this tutorial, then the squid_passwd location should be the same.
Now you can use page down button untill you see the Access Control Section (ACL). Just add this line before the acl SSL_PORT Line.
1acl ncsa_users proxy_auth REQUIRED
And then go the http_access section and add this before every other http_access.1http_access allow ncsa_users - Restart squid by using,
1service squid3 restart
You should see output like,
12squid3 stop/waitingsquid3 start/running, process 3674Restart it again and if you get something like the above output then the service is running. If you get like this,
12stop: Unknown instance:squid3 start/running, process 2701Then you have a problem with your squid.conf or the passwd file.
- Now you can connect to the proxy by using your ip, port, username and password. The default port is 3128Connection depends on the browser or system. Once you are connected google My IP to check your public IP.
Using IPv4 and not IPv6
If your public IP shown in google or any other IP address finder site is a IPv6 address then open the squid.conf file again.
1 |
vi /etc/squid3/squid.conf |
search for TAG: dns_v4_first using /TAG: dns_v4_first.
After,
1 2 |
#Default: #dns_v4_first off |
Add,
1 |
dns_v4_first on |
And restart squid by running,
1 |
service squid3 restart |
Now if you check your IP, it should be IPv4 and not IPv6.
More than one IP
If you have more than one IP, then you could open the squid.conf file. Search for http_port 3128 (if you did not change the default port) and before 3128 add your IP and : ,
1 |
http_port 111.222.333.444:3128 |
Restart squid and it should be using the IP you chose.
Anonymizing your Traffic
Open up squid.conf file again. Go to the end of file and add this,
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
forwarded_for off request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_access Cookie allow all request_header_access All deny all |
Restart squid.
1 |
service squid3 restart |
And now if you go to any proxy detection site, they won’t detect your proxy.
This way your real public IP is safe and no website can see it.
Have any questions ? Comment.