webdnstools.com
DNS Lookup, Reverse DNS Lookup, Domain Configuration Check and IP Address Calculators

Using Squid as an Authenticating Proxy Server

The Squid proxy server can be configured to require authentication from users. Squid supports a number of authentication schemes. The easiest authentication scheme to configure is the NCSA/Apache password file authentication. This authentication scheme uses a password file stored on the local file system, which contains a list of users and passwords.

Configure Squid

If Squid is not installed, refer to the Installing Squid Proxy Server article.

Open the Squid configuration file, which on Linux should be in the following location:

/etc/squid/squid.conf

Set the auth_param directive to specify the type of authentication (in this case we're using ncsa_auth) and set the path of the password file. We'll create the password file in the /usr/etc directory.

If you're using a 32-bit Linux distribution, the module path will be as follows:

auth_param basic program /usr/lib/squid/ncsa_auth /usr/etc/passwd

If you're using a 64-bit Linux distribution, the module path will be as follows:

auth_param basic program /usr/lib64/squid/ncsa_auth /usr/etc/passwd

The ncsa_auth module should be installed by default. If it is not, you may need to install or compile it.

Uncomment the following four lines:

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

In the acl section of the conf file, add the following:

acl class proxy_auth REQUIRED

In the http_access section of the conf file, add the following:

http_access allow class

Save the changes you have made to the configuration file.
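
Squid evaluates http_access rules from top to bottom and applies the first one that matches, so the allow rule for the proxy_auth acl only takes effect if it comes before any "http_access deny all" line. The script below is an added example, not part of the original article: it checks a squid.conf for an active helper line, a proxy_auth acl and that rule order. The function name check_squid_auth and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original article: audit the auth-related
# directives in a squid.conf. Only the "http_access allow <acl>" form
# used in this article is recognised.
# Status: 0 ok, 1 no helper line, 2 no proxy_auth acl,
#         3 no allow rule using that acl, 4 allow rule sits after "deny all".
check_squid_auth() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank and commented lines
        $1 == "auth_param" && $2 == "basic" && $3 == "program" { helper = $4 }
        $1 == "acl" && $3 == "proxy_auth" { authacl[$2] = 1; nacl++ }
        $1 == "http_access" {
            rule++
            if ($2 == "deny" && $3 == "all" && !deny_at) deny_at = rule
            if ($2 == "allow" && !allow_at)
                for (i = 3; i <= NF; i++)
                    if ($i in authacl) allow_at = rule
        }
        END {
            if (!helper)   { print "no active auth_param basic program line"; exit 1 }
            if (!nacl)     { print "no acl of type proxy_auth"; exit 2 }
            if (!allow_at) { print "no http_access allow rule uses the proxy_auth acl"; exit 3 }
            if (deny_at && deny_at < allow_at) {
                print "http_access rule " deny_at " (deny all) matches before rule " allow_at
                exit 4
            }
            print "ok: helper " helper ", auth rule is http_access rule " allow_at
        }
    ' "$1"
}

# Constructed sample: the allow rule was appended below the final deny.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth_param basic program /usr/lib/squid/ncsa_auth /usr/etc/passwd
acl class proxy_auth REQUIRED
http_access deny all
http_access allow class
EOF
check_squid_auth "$sample" || echo "check failed with status $?"
rm -f "$sample"
```

Run it against the real file with: check_squid_auth /etc/squid/squid.conf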

Create Password File

Now you need to create the password file. The password file is created using the htpasswd utility. To create the password file that we specified above, and add a new user, run the following command (replace username with the name of the new user). htpasswd prompts for the new user's password, which keeps it out of the shell history:

htpasswd -c /usr/etc/passwd username

Squid needs read permission on the password file. Use the chmod command to grant it. Note that mode 644 also lets every other local user read the password hashes:

chmod 644 /usr/etc/passwd

When adding other users, do not use the -c parameter, as this will create a new file and overwrite the existing one.

We are now ready to start Squid. If Squid is already running, reload the configuration file by running the following command as the root user:

squid -k reconfigure

If Squid is not already running, start it by running the following command as the root user:

/etc/init.d/squid start