Setting up Squid proxy authentication on ubutnu In order to set up Squid proxy authentication
on Ubuntu, you need to make the following adjustments to the Squid configuration file:
Generate Squid proxy authentication password
htpasswd is two tools that can be used to generate proxy user authentication passwords. Although htpasswd encrypts the password and stores the password in a promiscuous format, htdigest stores the password in plain text, so it is not secure. In this guide, we will use the htpasswd utility. htdigest
In order to use htpasswd, you need to install it. Install it: httpd/apache2-utils
sudo apt-get install apache2-utils
sudo yum install httpd-tools
After installation, run the following command to generate a password for user verification.
htpasswd -c /etc/squid/.squid_users amos
New password:
Re-type new password:
Adding password for user amos
This creates a password for the user amos and stores it in. /etc/squid/.squid_users
To add more users, you need to remove the option -c from the htpasswd command:
htpasswd /etc/squid/.squid_users john
New password:
Re-type new password:
Adding password for user john
When you check the password file, there are now two users with encrypted passwords:
less /etc/squid/.squid_users
amos:$apr1$IyfTZICg$2fPImX5o14XC2KPF1kZWv/
john:$apr1$5o0XKeto$m6c5B5KK5ZAK/7A/VIgYB/
Squid users should be able to read this file. Therefore, run the following command to set the appropriate permissions:
chown squid /etc/squid/.squid_users
Verify that the username and password are applicable to the squid proxy. For each correct entry, you should see the following display: OK
/usr/lib64/squid/basic_ncsa_auth /etc/squid/.squid_users
amos password
OK
john password
OK
Configure Squid proxy authentication
Since everything seems to be fine, proceed to set up Squid proxy basic authentication. Open the Squid configuration file for editing and add the following lines.
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.squid_users
auth_param basic children 5
auth_param basic realm Proxy Authentication Required
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl auth_users proxy_auth amos john
http_access allow auth_users
As a brief summary of the lines mentioned above:
- The first line tells Squid to use the helper program and look up the username and password in the file.
basic_ncsa_auth/etc/squid/.squid_users
- This line specifies the maximum number of processes to generate a Squid authenticator.
auth_param basic children 5
auth_param basic realm
Specify the protection scope of the authentication scheme to be reported to the customer.auth_param basic credentialsttl 2 hours
Specify how long Squid assumes externally authenticated usernames: password pairs apply toauth_param basic casesensitive off
Specify whether the username is sensitive to the case.acl auth_users proxy_auth amos john
Define Squid authentication ACL for users who are allowed to authenticate.
After completing the configuration, save the file and restart Squid.
systemctl restart squid
Configure your client to use the authentication vai squid proxy server described in our previous article.
From the client side, if you try to access the Internet through a browser, you will be prompted for authentication. Please refer to the screenshot below:
When you are properly authenticated, you will be able to access the Internet on your browser.
If you try to download a file using wget, you will be prompted for authentication:
wget google.com
--2018-12-19 00:38:21-- http://google.com/
Connecting to 192.168.43.69:3128... connected.
Proxy request sent, awaiting response... 407 Proxy Authentication Required
2018-12-19 00:38:21 ERROR 407: Proxy Authentication Required.
therefore:
wget --proxy-user=amos --proxy-password=password google.com
--2018-12-19 00:39:36-- http://google.com/
Connecting to 192.168.43.69:3128... connected.
Proxy request sent, awaiting response... 301 Moved Permanently
Location: http://www.google.com/ [following]
--2018-12-19 00:39:37-- http://www.google.com/
Reusing existing connection to 192.168.43.69:3128.
Proxy request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.8’
index.html.8 [ <=> ] 11.72K --.-KB/s in 0.1s
2018-12-19 00:39:38 (97.6 KB/s) - ‘index.html.8’ saved [12001]
Alright, there you go. You have successfully set up Squid proxy authentication on Ubuntu with a username and password.