simple squid proxy with http authorization

Squid (caching) proxy has been used on the Internet for ages. The first release of Squid was back in the mid-90s!
Here is how you may use Squid as a proxy HTTP server with user and password authorization (it is easy to enable the caching, but we do not include such configuration). Our system is CentOS 7, but the configuration part is platform-independent, so just install it in your Linux distribution and use our configuration lines.

STEP 1) Install Squid

The instalation under CentOS 7

yum install squid

STEP 2) Squid configuration to use it as web caching proxy.

The configuration file is located in “/etc/squid/squid.conf” and you should add at the begging the following lines:

#MY ADITIONAL CONFIG
visible_hostname srvname
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/pass.squid
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/pass.squid

STEP 3) Create the password file.

[root@srv ~]# printf "myuser:$(openssl passwd -apr1)\n" >> /etc/squid/pass.squid
Password: 
Verifying - Password: 
[root@srv ~]# cat /etc/squid/pass.squid
myuser:$apr1$rbdVtoC8$9A7gjTjg.T8jQyBXm7cDQ1

There are more options to generate the password:
Using openssl and “-crypt” option, which will limit the password to 8 characters!

[root@srv ~]# printf "myuser:$(openssl passwd -crypt derfdfdTsgsg3423)\n" >> /etc/squid/pass.squid
Warning: truncating password to 8 characters
[root@srv ~]# cat /etc/squid/pass.squid
myuser:.4EyncW2x3tB.

Or the good old htpasswd:

[root@srv ~]# yum install httpd-tools
.....
.....
[root@srv ~]# htpasswd -c /etc/squid/pass.squid myuser
New password: 
Re-type new password: 
Adding password for user myuser
[root@srv ~]# cat /etc/squid/pass.squid
myuser:$apr1$3rf0e9xu$yW2BMnszPjGg.N4Ep5oAx0
[root@srv ~]#

Tune the permissions to the password file:

[root@srv ~]# chown squid:squid /etc/squid/pass.squid 
[root@srv ~]# chmod 600 /etc/squid/pass.squid

STEP 4) Configure firewall to allow connections to the proxy

[root@srv ~]# firewall-cmd --permanent --add-service=squid
success
[root@srv ~]# firewall-cmd --reload
success

STEP 5) Start Squid service.

[root@srv ~]# systemctl start squid
[root@srv ~]# systemctl status squid
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-01-23 10:44:19 UTC; 3s ago
     Docs: man:squid(8)
  Process: 12865 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 12859 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 12866 (squid)
    Tasks: 3 (limit: 23832)
   Memory: 14.9M
   CGroup: /system.slice/squid.service
           ├─12866 /usr/sbin/squid -f /etc/squid/squid.conf
           ├─12868 (squid-1) --kid squid-1 -f /etc/squid/squid.conf
           └─12869 (logfile-daemon) /var/log/squid/access.log

Jan 23 10:44:19 srv systemd[1]: Starting Squid caching proxy...
Jan 23 10:44:19 srv systemd[1]: Started Squid caching proxy.
Jan 23 10:44:19 srv squid[12866]: Squid Parent: will start 1 kids
Jan 23 10:44:19 srv squid[12866]: Squid Parent: (squid-1) process 12868 started
[root@srv ~]# systemctl enable squid
Created symlink /etc/systemd/system/multi-user.target.wants/squid.service → /usr/lib/systemd/system/squid.service.

STEP 6) Test the proxy.

You may want to test the proxy with curl, for example:

curl -x "http://192.168.0.20:3128" -U "myuser:testtest" http://www.google.com/

And you are going to see in the log “/var/log/squid/access.log” a line similar to:

1579778191.802    133 192.168.0.15 TCP_MISS/200 17623 GET http://www.google.com/ myuser HIER_DIRECT/216.58.212.4 text/html

Leave a Reply

Your email address will not be published.