Squid proxy note
Introduction
This is just a quick note for myself.
Squid is a popular open-source proxy server that can significantly enhance your network’s performance and security. This guide will walk you through the process of setting up Squid3 on Linux, providing you with a powerful tool for caching web requests, improving bandwidth utilization, and controlling access to web content.
Installation
First, let’s update the system and install Squid along with the necessary utilities:
sudo apt-get update
sudo apt-get install squid
sudo apt-get install apache2-utils
Setting Up User Authentication
To secure your proxy, we’ll set up user authentication:
- Create a password file:
sudo touch /etc/squid/passwords
sudo chmod 600 /etc/squid/passwords
Security Note: We use chmod 600 instead of 777 to ensure only the root user can read and write to this file.
- Add a user (replace [USERNAME] with your desired username):
sudo htpasswd -c /etc/squid/passwords [USERNAME]
You’ll be prompted to enter and confirm a password. Choose a strong, unique password to enhance security.
Configuring Squid Proxy
- Backup the default configuration:
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.backup
- Create a new configuration file:
sudo vim /etc/squid/squid.conf
- Add the following configuration:
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 24 hours
auth_param basic casesensitive off
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
dns_v4_first on
forwarded_for delete
via off
http_port 7788
Configuration Explanation:
auth_param basic
: Sets up basic authentication using the password file we created.credentialsttl 24 hours
: Credentials are valid for 24 hours before re-authentication is required.casesensitive off
: Usernames are not case-sensitive.dns_v4_first on
: Prioritizes IPv4 for faster lookups.forwarded_for delete
andvia off
: Enhances privacy by removing certain headers.http_port 7788
: Sets the proxy to listen on port7788
(you can choose any available port).
Starting and Managing Squid
- Start the Squid service:
sudo systemctl start squid
- Enable Squid to start on boot:
sudo systemctl enable squid
- Check the service status:
sudo systemctl status squid
Using the Proxy
To use your new proxy, configure your applications with the following format:
http://[SERVER_IP]:7788:[USERNAME]:[PASSWORD]