Using Squid as an Authenticating Proxy Server
The Squid proxy server can be configured to require authentication from users. Squid supports a number of authentication schemes. The easiest authentication scheme to configure is the NCSA/Apache password file authentication. This authentication scheme uses a password file stored on the local file system, which contains a list of users and passwords.
If Squid is not installed, refer to the Installing Squid Proxy Server article.
Open the squid configuration file, which on Linux should be in the following location:
Set the auth_param directive to specify the type of authentication (in this case we're using ncsa_auth) and set the path of the password file. We'll create the password file in the /usr/etc directory.
If you're using a 32-bit Linux distribution, the module path will be as follows:
auth_param basic program /usr/lib/squid/ncsa_auth /usr/etc/passwd
If you're using a 64-bit Linux distribution, the module path will be as follows:
auth_param basic program /usr/lib64/squid/ncsa_auth /usr/etc/passwd
The ncsa_auth module should be installed by default. If it is not, you may need to install or compile it.
Uncomment the following three lines:
auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off
In the acl section of the conf file, add the following:
acl class proxy_auth REQUIRED
In the http_access section of the conf file, add the following:
http_access allow class
Save the changes you have made to the configuration file.
Create Password File
Now you need to create the password file. The password file is created using the htpasswd utility. To create the password file that we specified above, and add a new user, run the following command (replace the username and password with the username and password of the new user):
htpasswd -c /usr/etc/passwd username password
Make sure that Squid has read permission on the file. Use chmod command to make sure that Squid has read access to it:
chmod 644 /usr/etc/passwd
When adding other users, do not use the -c parameter as this will create a new file.
We are now ready to start Squid. If Squid is already running, reload the configuration file by running the following command as the root user:
squid -k reconfigure
If squid is not already running, start it by running the following command as the root user: