Apr
4
Installing Squid With Simple Authentication (NCSA)
April 4, 2008 | 1 Comment
Today I installed my first web proxy server using Squid on my Ubuntu 7.10 server. The goal is to allow myself to use this server as a web proxy remotely. To prevent anyone from abusing this server, I configured it to use simple authentication (username/password).
Below are the complete steps (if I remember them correctly.. hehe ) :-
Installing Squid
1. sudo -s (I always prefer to maintain as a root user while installing/removing applications)
2. apt-get install squid (You will see some error after the installation, ignore it as it will be fixed in the next section)
Configuring Squid
1. It is always a good practice to backup all the configuration files before you alter them. So let us make a copy of the squid.conf
# cd /etc/squid/
# cp squid.conf squid.conf.original
2. We will need to create a password file to store the user’s authentication
# touch /etc/squid/squid_passwd
# chmod o+r /etc/squid/squid_passwd
3. The program htpasswd will be used to add users to the password file
# htpasswd /etc/squid/squid_passwd user
New password :
Re-type new password :
Adding password for user user
4. Below would be how the complete squid.conf will look like (refer to the original squid.conf for explanation and further tuning) :-
http_port 3128
icp_port 3130
htcp_port 4827
visible_hostname hostname #Replace “server_hostname” with the hostname of your Ubuntu machine
cache_mem 16 MB
refresh_pattern . 0 20% 8640
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl www_ports src 80 443
acl ftp_ports src 21
acl localhost src 127.0.0.1/32
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl CONNECT method CONNECT
acl PURGE method PURGE
http_access allow manager localhost
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
acl wwwusers src 0.0.0.0/0.0.0.0
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
ftp_user Squid@domain1.com
ftp_passive off
acl ftpusers src 0.0.0.0/0.0.0.0
http_access allow ftpusers ftp_ports
5. Create cache files using squid using the command “squid -z” , ignore the errors.
6. To run squid in debugging mode use the command “squid -NCd10″ . You will get some kind of explanation of what is running in the background.
7. We’re done! Lets restart squid to make it run using our new configurations.
# /etc/init.d/squid restart
References :-
http://ubuntuforums.org/archive/index.php/t-201341.html
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:
_Ch32 _:_Controlling_Web_Access_with_Squid
Do drop me a comment if there’s anything that can be improved.
-arKCHane-
No related posts.
Comments
1 Comment so far
Thank you very much for this document, it has been long I am looking for this type of document.
Lawal Sulaiman
Usman Danfodiyo University, Sokoto
Nigeria