How to: Linux / UNIX setup Squid Proxy authentication

by on October 8, 2007 · 4 comments· LAST UPDATED October 8, 2007

in , ,

Q. I'm using Squid Cache Version 2.6.STABLE. It is configured perfectly and I'd like to know how do I allow squid to only authenticated users?

A. Squid can authenticate users if squid is configured to use proxy_auth ACLs. Browsers send the user's authentication credentials in the Authorization request header. If Squid gets a request and the http_access rule list gets to a proxy_auth ACL, Squid looks for the Authorization header. If the header is present, Squid decodes it and extracts a username and password.

If the header is missing, Squid returns an HTTP reply with status 407 (Proxy Authentication Required). The user agent (browser) receives the 407 reply and then prompts the user to enter a name and password. The name and password are encoded, and sent in the Authorization header for subsequent requests to the proxy.

Your Squid software comes with a few authentication helper programs. These include (click link below to open Squid cache authentication configuration tutorial):

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 4 comments… read them below or add one }

1 deepak August 29, 2009 at 1:18 pm

I want to know about the user based authentication on squid server.Plz help me

Reply

2 mikey October 8, 2009 at 8:08 am

cool

~Mike, Malaysia

Reply

3 Anil Pandey September 28, 2011 at 6:54 am

I want to know about the user based authentication on squid server.Plz help me
how to configure it plz guide me step by step
thanx

Reply

4 Amit Tyagi March 21, 2014 at 11:12 am

PROXY SERVER

Squid Proxy Server Configuration in RHEL6
Introduction of Squid
Squid is a proxy server for caching and filtering web content. Squid proxy is used by various organization and internet providers to reduce bandwidth and to increase response time.
Squid proxy service will cache the requested web-content and re-using it for the further request of the same content.

Why Squid Proxy Server??
•Website Restriction.
•Authentication & Security.
•Caching.
•Bandwidth Management.
•Time-based Usage.
Configuration Information
•PACKAGES REQUIRED: #squid
•DAEMON: /usr/sbin/squid
•SCRIPT:/etc/init.d/squid
•PORT: 3128 (squid) Default, 80
•CONFIGURATION:/etc/squid/squid.conf
•SERVICE: service squid restart
Configuration Steps-
•Power on the Server.
•Login as a root user
•Type the root user password. And login

•After Login, Right Click from the mouse on Desktop & Select the “open in terminal “option. For using the command line mode.

•Check the hostname and ip address of server it will be used in editing
of squid.conf file.

•Check the ftp service is running or not by using this command
• Service (space)vsftpd(space) status (Press Enter)

•If the service is stop, then run the command
•service(space) vsftpd(space)restart (Press Enter)
•Again Run The command-service(space)vsftpd(space)restart (Press Enter)

•Squid rpm is required to configure squid web proxy server check it for install if not found install it.
•Run the command for checking the squid rpm is installed or not.
#rpm(space) –q(space)squid (Press Enter)

•If the Package is not installed then follow the given below steps-
•For removing the Package #yum(space)remove(space)squid*
Step1: Install squid package
#yum (space) install (space) squid* (Press Enter)

#Press Y Button from the keyboard for Yes-(Press Enter)

•Configure the squid proxy as Web Filter

Block specific web site:

•For example, we can see how to block specific web sites like this facebook, yahoo and orkut.

Step1: Create a file and add the site names which have to be blocked.
#vim(space) /usr/local/etc/blocksites.squid (Press Enter)
(Press I for enter in Insert mode, for writing any text), & Insert all the websites which have to be blocked for the Network/user.

.facebook.com
.gmail.com
.orkut.com
.yahoo.com

After inserting all the websites which have to blocked.
Press the Esc button of the keyboard, insert
: wq! , Then press the Enter.
For save & exit the file.

*Note-create this file for all the users.every user having own specific file.
* copy this blocksites.squid file for all users, like-
#cp(space) /usr/local/etc/blocksites.squid(space)/usr/local/etc/blocksites6.squid
#cp (space)/usr/local/etc/blocksites.squid(space)/usr/local/etc/blocksites7.squid
#cp (space)/usr/local/etc/blocksites.squid(space)/usr/local/etc/blocksites8.squid
#cp (space)/usr/local/etc/blocksites.squid(space)/usr/local/etc/blocksites9.squid
#cp(space)/usr/local/etc/blocksites.squid(space) /usr/local/etc/blocksites10.squid
As so on…………for all users……
#for example-if we having the 50 users in the network then we have to create 50 blocksites files.

#Go to inside the directory- cd(space)/usr/local/etc/ (Press Enter)
#ls (Press Enter)

Step2: Open squid configuration file and create acl (access control list) for all users.

#vim(space)/etc/squid/squid.conf

By default squid configuration file “/etc/squid/squid.conf” will contains recommended minimum configuration and squid caching feature will work without making any changes. Recommended minimum configuration will looks like the below-

#Press the Down Arrow key from the keyboard to see the full file content.

#Press the Down Arrow key from the keyboard to see the full file content.

#Press I Button from the keyboard for Insert any text in file.
#creates the acl (access control list) or rule for all users at the Place (Link-1) in default squid configuration file.Like-

#creates the rules for allowing /denying websites for particular user/host at the place (Link-2) in default squid configuration file.Like-

#Change the http_Port 3128 to http_port IP Address of server: 80 in /etc/squid/squid.conf at the place (Link-3).

#Press the Esc Button of the keyboard. Type
: wq!
For save & Exit.
#service (space) squid (space) restart (Press Enter)
#chkconfig (space) squid (space) on (Press Enter)

Client side Configuration

Setup client to use squid cache proxy server
#For Mozila Firefox-
#First we start with Mozilla Firefox browser. Click Tools menu and choose Options….

#In ‘Options’ window, choose Advanced tab. There are General, Network, Update and Encryption tabs. Choose Network and in the ‘Connection section’, click Settings… to configure how Firefox connects to the Internet.

#In ‘Connection Settings’ window, click Manual proxy configuration and key in ‘HTTP Proxy’ and ‘Port’. Don’t forget to tick Use this proxy server for all protocols.

#Click OK.

#For Internet Explorer-
#For Internet Explorer browser, follow the steps below to configure Squid cache proxy client:
#Click on Internet explorer.
#Click on “Tool” Tab. Select the “internet Options”

#Select the Connections Tab.

#Click on LAN Setting, when ‘Local Area Network Settings’ window pops up, enter Squid proxy server IP address and port in ‘Proxy server’ section. Click ‘OK’.

How to Disable Proxy setting for users in Internet Explorer.
So that any user can not change the proxy setting.
#Click on “Start” Button

#then click on “Run” Tab

#Type “gpedit.msc”in Run, for open the Group Policy. Then Press “OK” Button.

#in the “Group Policy” window select the “user configuration” Tab

#Then Select the “Administrative Templates” Tab.

#now select the “windows components” Tab

#now select the “internet explorer” tab.

#now select the “internet control panel” Tab.

#click on “Disable the connections page”. which is “not configured”.

#In “Disable the connections page Properties” Page select the “enable” Tab. Then Click on “Apply” & “OK”.

#Backup & Restoration of Squid Configuration file-
#make a folder/Directory on the desktop.
#mkdir(space)/root/Desktop/folder name(backup) (Press Enter)

#copy the squid.conf file at desired location.
#cp(space)/etc/squid/squid.conf (space)/root/Desktop/squid.conf
(Press Enter)

#copy all the blocksites file at backup folder.
#cp –r /usr/local/etc/(space)/root/Desktop/backup/

#keeps the backup folder as a backup.

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , , ,

Previous Faq:

Next Faq: