How to Configure Squid Proxy Server with Authentication on a Custom Port Allowing All Ports
Table of Contents
- Introduction
- Prerequisites
- Step 1: Install Squid
- Step 2: Change the Default Listening Port
- Step 3: Enable Username and Password Authentication
- Step 4: Allow Access to All Ports
- Step 5: Finalize the Squid Configuration
- Step 6: Adjust Firewall Settings
- Step 7: Restart and Enable Squid Service
- Step 8: Test the Proxy Server
- Conclusion
- Additional Tips
Introduction
Squid is a high-performance proxy caching server for web clients, supporting HTTP, HTTPS, FTP, and more. This guide will walk you through configuring Squid to:
- Allow access to all ports
- Provide HTTP and HTTPS access
- Require username and password authentication
- Listen on a custom port instead of the default 3128
By following these steps, you’ll enhance your network’s security and flexibility.
Prerequisites
- A server running a Linux distribution (Ubuntu, Debian, CentOS, etc.)
- Root or sudo user access
- Basic knowledge of command-line operations
Step 1: Install Squid
First, install Squid on your server.
For Debian/Ubuntu Systems:
sudo apt-get update
sudo apt-get install squid
For CentOS/RHEL Systems:
sudo yum install squid
For Fedora Systems:
sudo dnf install squid
Step 2: Change the Default Listening Port
By default, Squid listens on port 3128. You can change this to a port of your choice (e.g., 8080).
- Open the Squid Configuration File:
sudo nano /etc/squid/squid.conf
- Modify the http_port Directive: Find the line containing http_port and change it:
http_port 8080
Replace 8080 with your desired port number.
- Save and Close the File: Press Ctrl + X, then Y, and Enter to save changes.
Step 3: Enable Username and Password Authentication
To restrict access, you can enable Basic HTTP Authentication using the htpasswd utility.
Install the htpasswd Utility
The htpasswd command is part of the Apache utilities.
For Debian/Ubuntu Systems:
sudo apt-get install apache2-utils
For CentOS/RHEL Systems:
sudo yum install httpd-tools
Create the Password File
- Create a Directory for the Password File (if not existing):
sudo mkdir -p /etc/squid
- Create the Password File and Add a User:
sudo htpasswd -c /etc/squid/passwd your_username
- Replace your_username with your desired username.
- You’ll be prompted to enter and confirm a password.
- Note: Use the -c flag only when creating the file for the first time, because it overwrites an existing file.
- Set Appropriate Permissions:
# Debian/Ubuntu run Squid as user "proxy"; on CentOS/RHEL/Fedora use squid:squid instead
sudo chown proxy:proxy /etc/squid/passwd
sudo chmod 640 /etc/squid/passwd
Configure Squid to Use Authentication
- Open the Squid Configuration File:
sudo nano /etc/squid/squid.conf
- Add the Following Lines to Enable Authentication:
# Enable Basic Authentication
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm "Proxy Authentication Required"
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive on
# Define ACL for authenticated users
acl authenticated_users proxy_auth REQUIRED
# Allow authenticated users
http_access allow authenticated_users
- Note: The path /usr/lib/squid/basic_ncsa_auth may vary. Use the find command to locate it:
sudo find / -name basic_ncsa_auth
- Comment Out or Remove Other http_access Rules that May Allow Unauthenticated Access.
Step 4: Allow Access to All Ports
To permit access to all ports, you need to define an ACL and adjust the http_access rules.
- Open the Squid Configuration File:
sudo nano /etc/squid/squid.conf
- Add the Following ACL:
acl all_ports port 1-65535
- Modify the http_access Rule:
http_access allow authenticated_users all_ports
- Ensure the Deny Rule is at the End:
http_access deny all
Step 5: Finalize the Squid Configuration
Your updated /etc/squid/squid.conf should include:
# Squid Configuration File
# Change default listening port
http_port 8080
# Enable Basic Authentication
auth_param basic program /path/to/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm "Proxy Authentication Required"
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive on
# Define ACLs
acl authenticated_users proxy_auth REQUIRED
acl all_ports port 1-65535
# Allow authenticated users to access all ports
http_access allow authenticated_users all_ports
# Deny all other access
http_access deny all
# Recommended settings
forwarded_for off
via off
# Logging (optional)
access_log /var/log/squid/access.log squid
Note: Replace /path/to/basic_ncsa_auth with the actual path found using the find command.
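Squid evaluates http_access rules top to bottom and stops at the first match, so a stock allow rule left above the authenticated rule lets clients through without a password. The following check is an added example, not part of the original guide or of Squid itself: it flags every http_access allow line that names no proxy_auth ACL and confirms the last rule is deny all. The function names audit_http_access and sample_conf and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit http_access ordering in a squid.conf (file argument or stdin).
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_http_access() {
    awk '
        # Collect the names of ACLs that require proxy authentication.
        $1 == "acl" && $3 ~ /^proxy_auth/ { auth[$2] = 1; next }
        $1 == "http_access" {
            # Track whether the most recent rule is exactly "http_access deny all".
            final_deny = ($2 == "deny" && $3 == "all" && NF == 3)
            if ($2 != "allow") next
            ok = 0
            for (i = 3; i <= NF; i++) if ($i in auth) ok = 1
            if (!ok) {
                printf "line %d: allow without proxy_auth ACL: %s\n", NR, $0
                bad = 1
            }
        }
        END {
            if (!final_deny) { print "last http_access rule is not \"deny all\""; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$@"
}

# Constructed sample: the Step 5 rules plus one leftover stock rule (localnet).
sample_conf() {
    cat <<'EOF'
acl localnet src 10.0.0.0/8
acl authenticated_users proxy_auth REQUIRED
acl all_ports port 1-65535
http_access allow localnet
http_access allow authenticated_users all_ports
http_access deny all
EOF
}

# Demo run; "|| true" because findings make the function return 1.
sample_conf | audit_http_access || true
```

To check the live file, call audit_http_access /etc/squid/squid.conf, and run sudo squid -k parse to catch syntax errors before restarting.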
Step 6: Adjust Firewall Settings
Ensure your firewall allows incoming connections on the new port.
For UFW (Ubuntu):
sudo ufw allow 8080/tcp
For Firewalld (CentOS/RHEL):
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload
For iptables:
sudo iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
- Note: To make iptables rules persistent, you may need to install additional packages like iptables-persistent.
Step 7: Restart and Enable Squid Service
Restart Squid to Apply Changes:
sudo systemctl restart squid
Enable Squid to Start on Boot:
sudo systemctl enable squid
Check Squid Status:
sudo systemctl status squid
- Ensure the service is active and running without errors.
Step 8: Test the Proxy Server
Configure a Client to Use the Proxy
- Set Proxy Settings in Your Browser or System:
- Proxy IP: Your server’s IP address.
- Port: The port you configured (e.g., 8080).
- When Prompted, Enter Your Username and Password.
Verify Access
- Open a web browser and navigate to a website.
- Authentication should be required, and access should be granted upon providing valid credentials.
Troubleshooting
- Check Squid Logs for Errors:
sudo tail -f /var/log/squid/access.log
- Ensure the Password File Has Correct Permissions.
Conclusion
You’ve successfully configured Squid to:
- Listen on a custom port
- Require username and password authentication
- Allow access to all ports for authenticated users
This setup enhances security by restricting proxy usage to authorized users while providing flexibility in port access.
Additional Tips
- Security Considerations:
- Basic Authentication transmits credentials in Base64 encoding, which is not encrypted.
- For enhanced security, consider setting up SSL/TLS encryption.
- Adding More Users:
- To add additional users, run:
sudo htpasswd /etc/squid/passwd new_username
- Monitor Squid Performance:
- Regularly check logs and monitor performance to ensure optimal operation.
- Regular Updates:
- Keep your system and Squid package updated to benefit from security patches and improvements.
Need Further Assistance?
If you have questions or need help troubleshooting, feel free to reach out to the community or consult the Squid documentation.