How to configure Squid on Ubuntu with Authentication

Share It!

Squid is a free & open-source full featured web proxy cache server, which can be used in many other ways like It redirects client requests from web browsers to the proxy server and delivers the client’s requests and keeps a copy of them in the proxy hard disk cache. Squid program does not requires intensive CPU usage. To increase efficiency, would recommend to buy faster disks or add more memory into the squid proxy server.

Install Squid3:

Installation of Squid Proxy server on Ubuntu and Debian is very easy, only you have to run the following command.

# sudo apt-get install squid3 -y

Configure Squid3:

Depending on the version installed on your system you have to look for a specific path.

# sudo vi /etc/squid3/squid.conf

Define allowed LAN segment (Around line 919):

acl techoism_lan src

Allow defined LAN (Around line 1058):

http_access allow techoism_lan

Listen on port 3128:

# Squid normally listens to port 3128
http_port 3128

Configure Squid with Authentication:

This step is for authenticating User , Mean Whenever user trying to access outside Network , It will ask for entering User’s name ( Whichever we want to set ) and password.
First Install the program ‘htdigest’ using following command:

# sudo apt-get install apache2-utils -y

User for authentication:

sudo htdigest -c /etc/squid3/passwords realm_name user_name


# sudo htdigest -c /etc/squid3/passwords proxyuser dennis

Add digest squid authentication configuration (At line 335-337).

auth_param digest program /usr/lib/squid3/digest_file_auth -c /etc/squid3/passwords
auth_param digest realm proxyuser
acl techoism_authenticate proxy_auth REQUIRED
http_access allow techoism_authenticate

Note: Please note that the file digest_pw_auth has been renamed to digest_file_auth in ubuntu 14.04 LTS.

Start Service:

Restart the Squid to take affect the new configuration :

# sudo initctl restart squid3
# sudo service squid3 restart

Check Squid Port

Verify port 3128 are listening or not:

# sudo netstat -plunt | grep 3128
tcp6       0      0 :::3128                 :::*                    LISTEN      2185/squid3

Verify the Version:

Use the following command to check the version of Squid and the configuration options it was started with:

# squid3 -v
Squid Cache: Version 3.3.8
configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,smb_lm' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid3' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security'

Configure Proxy on Client:

Configure at proxy setting at client’s browser as below :

Setting > Change Proxy Settings > Lan Settings > check proxy server > advanced



Tools > Option > Advanced > Network > Settings


You can also check squid log

# sudo tail -f /var/log/squid3/access.log
1441607335.740      0 TCP_DENIED/407 3866 CONNECT - HIER_NONE/- text/html
1441607335.985      0 TCP_DENIED/407 3866 CONNECT - HIER_NONE/- text/html
1441607339.307      0 TCP_DENIED/407 3947 GET - HIER_NONE/- text/html
1441607365.995      0 TCP_DENIED/407 3866 CONNECT - HIER_NONE/- text/html
1441607370.140    140 TCP_MISS/302 660 GET dennis HIER_DIRECT/ text/html
1441607370.455    308 TCP_MISS/302 1103 GET dennis HIER_DIRECT/ text/html
1441607371.906    367 TCP_MISS/200 900 POST dennis HIER_DIRECT/ application/ocsp-response
1441607395.781      0 TCP_DENIED/407 3866 CONNECT - HIER_NONE/- text/html

See Also:
How to configure Squid Proxy on Ubuntu/Debain
How to configure Squid on CentOS/RHEL

Enjoy it!

  1. 6 months ago

Leave a Reply

Your email address will not be published.