Squid proxy note
Introduction
This is just a quick note for myself.
Squid is a popular open-source proxy server that can significantly enhance your network’s performance and security. This guide will walk you through the process of setting up Squid3 on Linux, providing you with a powerful tool for caching web requests, improving bandwidth utilization, and controlling access to web content.
Installation
First, let’s update the system and install Squid along with the necessary utilities:
sudo apt-get update
sudo apt-get install squid
sudo apt-get install apache2-utils
Setting Up User Authentication
To secure your proxy, we’ll set up user authentication:
- Create a password file:
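sudo touch /etc/squid/passwords
sudo chown proxy: /etc/squid/passwords
sudo chmod 600 /etc/squid/passwords
Security Note: We use chmod 600 instead of 777 so that only the file's owner can read and write it. The chown line hands the file to proxy, the account Squid runs as on Debian and Ubuntu, because the basic_ncsa_auth helper runs as that account and has to read the file.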
- Add a user (replace [USERNAME] with your desired username):
sudo htpasswd -c /etc/squid/passwords [USERNAME]
You’ll be prompted to enter and confirm a password. Choose a strong, unique password to enhance security.
Configuring Squid Proxy
- Backup the default configuration:
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.backup
- Create a new configuration file:
sudo vim /etc/squid/squid.conf
- Add the following configuration:
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive off
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
dns_v4_first on
forwarded_for delete
via off
http_port 7788
Configuration Explanation:
- auth_param basic: Sets up basic authentication using the password file we created.
- credentialsttl 24 hours: Credentials are valid for 24 hours before re-authentication is required.
- casesensitive off: Usernames are not case-sensitive.
- dns_v4_first on: Prioritizes IPv4 for faster lookups.
- forwarded_for delete and via off: Enhances privacy by removing certain headers.
- http_port 7788: Sets the proxy to listen on port 7788 (you can choose any available port).
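A way to check the access rules above before restarting Squid, as an added example that is not part of the original note. The function name audit_squid_conf is hypothetical; it is deliberately stricter than Squid (every allow rule must name a proxy_auth ACL) and assumes GNU stat.

```shell
#!/bin/sh
# Added example: audit a squid.conf for the access-control properties this note relies on.
# Usage: audit_squid_conf /etc/squid/squid.conf
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_squid_conf() {
    conf=$1
    findings=$(awk '
        /^[ \t]*#/ || NF == 0 { next }                  # skip comments and blank lines
        $1 == "acl" && $3 == "proxy_auth" { authacl[$2] = 1 }
        $1 == "http_access" {
            n++; last = $2 " " $3
            if ($2 == "allow") {
                # an allow rule counts as authenticated only if it names a proxy_auth ACL
                ok = 0
                for (i = 3; i <= NF; i++) if ($i in authacl) ok = 1
                if (!ok) print "line " NR ": http_access allow without a proxy_auth ACL: " $0
            }
        }
        END {
            if (n == 0) print "no http_access rules found"
            else if (last != "deny all") print "last http_access rule is not \"deny all\""
        }' "$conf")
    # The password file is the last argument of the basic auth helper line.
    pwfile=$(awk '$1 == "auth_param" && $2 == "basic" && $3 == "program" { print $NF }' "$conf")
    if [ -z "$pwfile" ]; then
        findings="$findings
no auth_param basic program line"
    elif [ -e "$pwfile" ]; then
        mode=$(stat -c %a "$pwfile")
        case $mode in
            # a non-zero last octal digit means "other" users have some access
            *[1-7]) findings="$findings
$pwfile is mode $mode: accessible to other users" ;;
        esac
    fi
    findings=$(printf '%s\n' "$findings" | sed '/^$/d')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```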
Starting and Managing Squid
- Start the Squid service:
sudo systemctl start squid
- Enable Squid to start on boot:
sudo systemctl enable squid
- Check the service status:
sudo systemctl status squid
- Restart the service:
sudo service squid restart
Using the Proxy
To use your new proxy, configure your applications with the following format:
http://[SERVER_IP]:7788:[USERNAME]:[PASSWORD]