Introduction

This is just a quick note for myself.

Squid is a popular open-source proxy server that can significantly enhance your network’s performance and security. This guide will walk you through the process of setting up Squid3 on Linux, providing you with a powerful tool for caching web requests, improving bandwidth utilization, and controlling access to web content.

Installation

First, let’s update the system and install Squid along with the necessary utilities:

sudo apt-get update
sudo apt-get install squid
sudo apt-get install apache2-utils

Setting Up User Authentication

To secure your proxy, we’ll set up user authentication:

  1. Create a password file:
sudo touch /etc/squid/passwords
sudo chmod 600 /etc/squid/passwords

Security Note: We use chmod 600 instead of 777 to ensure only the root user can read and write to this file.

  1. Add a user (replace [USERNAME] with your desired username):
sudo htpasswd -c /etc/squid/passwords [USERNAME]

You’ll be prompted to enter and confirm a password. Choose a strong, unique password to enhance security.

Configuring Squid Proxy

  1. Backup the default configuration:
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.backup
  1. Create a new configuration file:
sudo vim /etc/squid/squid.conf
  1. Add the following configuration:
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive off
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
dns_v4_first on
forwarded_for delete
via off
http_port 7788

Configuration Explanation:

  • auth_param basic: Sets up basic authentication using the password file we created.
  • credentialsttl 24 hours: Credentials are valid for 24 hours before re-authentication is required.
  • casesensitive off: Usernames are not case-sensitive.
  • dns_v4_first on: Prioritizes IPv4 for faster lookups.
  • forwarded_for delete and via off: Enhances privacy by removing certain headers.
  • http_port 7788: Sets the proxy to listen on port 7788 (you can choose any available port).

Starting and Managing Squid

  1. Start the Squid service:
sudo systemctl start squid
  1. Enable Squid to start on boot:
sudo systemctl enable squid
  1. Check the service status:
sudo systemctl status squid

Using the Proxy

To use your new proxy, configure your applications with the following format:

http://[SERVER_IP]:7788:[USERNAME]:[PASSWORD]