How to Install and Configure Squid3 on Ubuntu 14.04…
What is Proxy Server
In brief, a proxy server is a gateway that forwards your communication to the destination on your behalf and sends the responses back to you. The destination therefore thinks that you are the proxy server and treats you accordingly. For instance, if your proxy server is in Japan and you are in the US, you may end up seeing advertisements or even sites in Japanese. In addition, your ISP thinks that you are trying to reach the address of your proxy server, not the actual site you are requesting. For more info hit the wiki page.
To simplify it further, let's say that you want to send a letter to someone, but you want neither your post office to know whom you are sending it to nor the recipient to know where it came from, while still being able to receive the response. In this case you can simply hire someone in another country to forward the letters to the addresses hidden inside the envelope and re-envelope them before sending. As long as no one opens the envelope before your proxy, no one knows where the mail is being sent. However, if you are not using an encrypted form of communication with your proxy, someone can just open the mail, read the address and still send it on to its destination.
One method of securing the communication between you and the proxy server is to use encrypted tunnels such as ssh tunneling, which is completely possible with squid3. But hold on: this post is just about setting squid3 up on Ubuntu 14.04 with basic authentication, so you are not completely safe 😉
What is Squid
Squid is a popular, easily configurable, robust, fast and customisable proxy server with low resource consumption; squid3 is currently the latest version of it.
Installation
squid3 comes with the Ubuntu 14.04 default repo, so nothing special:
sudo apt-get install squid3
Setup
First we need to edit the conf file. I prefer nano for editing; you can choose whatever you want.
sudo nano /etc/squid3/squid.conf
Find INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS in the conf file and add the following lines just after it
acl allcomputers src 0.0.0.0/0.0.0.0
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated allcomputers
By doing that you tell squid to allow all computers (with 0.0.0.0 mask) with authentication, and that the usernames and passwords are in the /etc/squid3/passwords file. You can change these two for your own setup; I will continue as if you did not change them.
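To check that every allow rule in a squid.conf really depends on authentication, as the rule above does, here is an added example (not part of the original post). It lists each `http_access allow` line that references no `proxy_auth` ACL; the `lan` ACL and the function name are hypothetical, and the sample config is constructed.

```python
AUTH_ACL_TYPES = {"proxy_auth", "proxy_auth_regex"}

# Constructed squid.conf fragment: the article's rules plus one extra
# allow rule (hypothetical "lan" ACL) that does not reference authentication.
SAMPLE_CONF = """\
acl lan src 192.168.0.0/16
acl allcomputers src 0.0.0.0/0.0.0.0
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow lan            # no proxy_auth ACL on this line
http_access allow authenticated allcomputers
http_access deny all
"""

def unauthenticated_allows(conf_text):
    """Return (line_no, rule) for each 'http_access allow' rule with no proxy_auth ACL."""
    acl_types = {}   # ACL name -> ACL type, in order of definition
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        # Drop trailing comments; good enough for rules without '#' in values.
        words = raw.split("#", 1)[0].split()
        if len(words) >= 3 and words[0] == "acl":
            acl_types.setdefault(words[1], words[2])
        elif words[:2] == ["http_access", "allow"]:
            # A negated name ("!authenticated") is not in acl_types, so it
            # does not count as requiring credentials.
            if not any(acl_types.get(name) in AUTH_ACL_TYPES for name in words[2:]):
                findings.append((line_no, " ".join(words)))
    return findings

if __name__ == "__main__":
    for line_no, rule in unauthenticated_allows(SAMPLE_CONF):
        print("line %d grants access without credentials: %s" % (line_no, rule))
```

Any allow rule it lists lets matching clients through without credentials, so check that each one is intended.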
Authentication – User creation
I prefer to use htpasswd for password creation which you can install by;
sudo apt-get install apache2-utils
after that, we need to create the password file;
sudo htpasswd -c -d /etc/squid3/passwords any_username_you_want
and enter your 8-character password twice. By using -d we tell htpasswd to use crypt(); I failed to authenticate without it, though I don't really know why.
Just to be sure the file is accessible;
sudo chmod o+r /etc/squid3/passwords
WARNING: At this point be careful: your password should be 8 characters long, otherwise only the first 8 characters of your password will be used. You can use something shorter.
RUN / Start-Stop
You can use
sudo start squid3
OR
sudo service squid3 start
For stopping or restarting, simply type stop or restart instead of start.
Final Words
Squid3 runs just fine even with low resources. However, there are some security issues you must consider. From my own experience, I do not recommend using any proxy server without authentication. What happened to me was that some robots found port 3128 open on my server (the default squid port) and started using my proxy without my knowledge; by the time I realized it, there were already hundreds of MBs of logs. So do not run it without authentication, and keep an eye on the logs from time to time. You can simply do that with:
tail -100f /var/log/squid3/access.log
Here you will see which IPs are trying to use your proxy and which addresses they are trying to access. I also recommend changing the default squid port, as the robots directly try well-known default ports such as 3128. Changing the port is also simple: open the squid.conf file and search for
http_port 3128
Simply put something else instead of 3128.
For the client side I use FoxyProxy for Firefox; I think there is also a plugin for Chrome.
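The log-watching advice above can be automated. This added example (not from the original post) parses Squid's native access.log format and flags clients that were served without a username or that only ever received 407 responses; the log lines are constructed, and the function names and threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample, native format: time elapsed client code/status bytes method URL user peer type
SAMPLE_LOG = """\
1400000000.101 120 198.51.100.7 TCP_DENIED/407 3985 GET http://example.com/ - HIER_NONE/- text/html
1400000001.202 115 198.51.100.7 TCP_DENIED/407 3985 GET http://example.org/ - HIER_NONE/- text/html
1400000002.303 118 198.51.100.7 TCP_DENIED/407 3990 CONNECT example.net:443 - HIER_NONE/- text/html
1400000003.404 95 192.0.2.10 TCP_DENIED/407 3985 GET http://example.com/ - HIER_NONE/- text/html
1400000004.505 840 192.0.2.10 TCP_MISS/200 15320 GET http://example.com/ alice HIER_DIRECT/203.0.113.80 text/html
1400000005.606 650 203.0.113.50 TCP_MISS/200 48211 GET http://example.org/ - HIER_DIRECT/203.0.113.80 text/html
this line is truncated
"""

def summarize(log_text):
    """Return per-client counters parsed from native-format access.log text."""
    stats = defaultdict(lambda: {"requests": 0, "auth_failures": 0,
                                 "served_without_user": 0, "bytes": 0, "users": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or "/" not in fields[3] or not fields[4].isdigit():
            continue  # skip truncated or non-native lines
        client, size, user = fields[2], int(fields[4]), fields[7]
        code, status = fields[3].split("/", 1)
        entry = stats[client]
        entry["requests"] += 1
        entry["bytes"] += size
        if status == "407":
            entry["auth_failures"] += 1  # proxy asked for credentials
        elif "DENIED" not in code and user == "-":
            entry["served_without_user"] += 1  # request served with no username
        elif "DENIED" not in code:
            entry["users"].add(user)
    return dict(stats)

def suspicious_clients(stats, max_auth_failures=2):
    """Flag clients served without a username, or that only ever got 407s."""
    flagged = {}
    for client, entry in stats.items():
        reasons = []
        if entry["served_without_user"]:
            reasons.append("served without authentication")
        # A browser normally gets one 407 and then retries with credentials.
        if entry["auth_failures"] > max_auth_failures and not entry["users"]:
            reasons.append("repeated 407s, never authenticated")
        if reasons:
            flagged[client] = reasons
    return flagged

if __name__ == "__main__":
    print(suspicious_clients(summarize(SAMPLE_LOG)))
```

To run it on a live proxy, pass the contents of /var/log/squid3/access.log to `summarize` instead of the sample.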
Enjoy!
3 COMMENTS
Hi
I am trying to set up auth with the squid server.
I had my client machine and the proxy server in the same network. That time I was not getting the auth prompt when I accessed a website.
But when I moved my client machine to a different network, I could see the auth prompt.
Can't both be in the same network?
My squid config
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl client src 192.168.117.0/24 192.168.0.0/16 172.16.0.0/16 119.82.97.250
http_access allow client
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd
auth_param basic realm proxy
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
Thanks for the info.
To Saleh:
You need to change the last line to:
http_access allow ncsa_users client
This is what I had to do in my config file and all works as it should now.
Thanks a lot for this tutorial. I had the same problem as you: some bots found my proxy and started using it and, even worse, sharing it across hundreds of sites. I just noticed it when I searched for my proxy on Google.