Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the urvanov-syntax-highlighter domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/clients/client3/web2/web/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wordpress-seo domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/clients/client3/web2/web/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the urvanov-syntax-highlighter domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/clients/client3/web2/web/wp-includes/functions.php on line 6114
HTTP Proxy with Advanced Authentication Using Squid Squid3
Navigate

HTTP Proxy with Advanced Authentication in Squid

Squid is a proxy/cache application which is used in variety of situations. In this post, we are going to use Squid as a HTTP Proxy.

I have looked up many sites and most of them cover setting up old squid so here is an updated post on setting up Squid3 as a HTTP_Proxy with username and password authentication on Ubuntu. This was tested with 12.04 and should work on 13.04 and 14.04.

Steps:

  1. Update your system and install squid. 
    sudo apt-get update
sudo apt-get install squid
  2. Make a backup copy of the squid configuration file. 
    sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.bk
  3. Create a file to store squid passwords. 
    sudo touch /etc/squid3/squid_passwd
sudo chown proxy /etc/squid3/squid_passwd
  4. Create a user and password. 
    sudo htpasswd -d /etc/squid3/squid_passwd ##username##
##EXAMPLE##
sudo htpasswd -d /etc/squid3/squid_passwd sugavanas

    You will be requested to add a new password and confirm it as well. Password is limited to 8 characters due to crypt function.

  5. Locate ncsa_auth. To locate the file, you will have to run updatedb first and then locate it. 
    updatedb
locate ncsa_auth

    This will output the location of ncsa_auth. /usr/lib/squid3/ncsa_auth (The file should be named as ncsa_auth without any extensions. You might get more than one location depending on your system)

  6. Once you have added the user, all you have to do now is three lines to squid.conf. Open the file first for editing, 
    vi /etc/squid3/squid.conf

    Then use the command section to type in /auth_param. This will bring you to the auth_param tag. Go down until the end of the auth_param comments and add the below line, (by default there shouldn’t be anything in auth_param if you just installed squid.. so add this line before the next tag starts)

    auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd

    You will have to change the ncsa_auth location, if you got a different location when locating it. If you followed this tutorial, then the squid_passwd location should be the same.

    Now you can use page down button untill you see the Access Control Section (ACL). Just add this line before the acl SSL_PORT Line.

    acl ncsa_users proxy_auth REQUIRED


    And then go the http_access section and add this before every other http_access.

    http_access allow ncsa_users

    Write the changes and Exit using :wq 

  7. Restart squid by using, 
    service squid3 restart

    You should see output like,

    squid3 stop/waiting
squid3 start/running, process 3674

    Restart it again and if you get something like the above output then the service is running. If you get like this,

    stop: Unknown instance:
squid3 start/running, process 2701

    Then you have a problem with your squid.conf or the passwd file.

  8. Now you can connect to the proxy by using your ip, port, username and password. The default port is 3128Connection depends on the browser or system. Once you are connected google My IP to check your public IP.

Using IPv4 and not IPv6

If your public IP shown in google or any other IP address finder site is a IPv6 address then open the squid.conf file again.

vi /etc/squid3/squid.conf

search for TAG: dns_v4_first using /TAG: dns_v4_first.

After,

#Default:
#dns_v4_first off

Add,

dns_v4_first on

And restart squid by running,

service squid3 restart

Now if you check your IP, it should be IPv4 and not IPv6.

More than one IP

If you have more than one IP, then you could open the squid.conf file. Search for http_port 3128 (if you did not change the default port) and before 3128 add your IP and : ,

http_port 111.222.333.444:3128

Restart squid and it should be using the IP you chose.

Anonymizing your Traffic

Open up squid.conf file again. Go to the end of file and add this,

  forwarded_for off
  request_header_access Allow allow all
  request_header_access Authorization allow all
  request_header_access WWW-Authenticate allow all
  request_header_access Proxy-Authorization allow all
  request_header_access Proxy-Authenticate allow all
  request_header_access Cache-Control allow all
  request_header_access Content-Encoding allow all
  request_header_access Content-Length allow all
  request_header_access Content-Type allow all
  request_header_access Date allow all
  request_header_access Expires allow all
  request_header_access Host allow all
  request_header_access If-Modified-Since allow all
  request_header_access Last-Modified allow all
  request_header_access Location allow all
  request_header_access Pragma allow all
  request_header_access Accept allow all
  request_header_access Accept-Charset allow all
  request_header_access Accept-Encoding allow all
  request_header_access Accept-Language allow all
  request_header_access Content-Language allow all
  request_header_access Mime-Version allow all
  request_header_access Retry-After allow all
  request_header_access Title allow all
  request_header_access Connection allow all
  request_header_access Proxy-Connection allow all
  request_header_access User-Agent allow all
  request_header_access Cookie allow all
  request_header_access All deny all

Restart squid.

service squid3 restart

And now if you go to any proxy detection site, they won’t detect your proxy.

This way your real public IP is safe and no website can see it.

Have any questions ? Comment.

 

ubuntusquid3squidproxyauthentication
Sugavanas: Founder of TheTechTerminus.