Stay Updated and Subscribe

Rss feed
Enter your email address:

Delivered by FeedBurner

Thursday, May 28, 2009

Add Authentication to Squid Proxy [HOW-TO]

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It has a wide variety of uses, from speeding up a web server by caching repeated requests, to caching web, DNS and other computer network lookups for a group of people sharing network resources, to aiding security by filtering traffic.

The below steps will add authentication to your squid proxy. Why would you want to add security? Why not, I don't know. Just do it.

Tested and verified on Ubuntu Hardy Heron Server 8.04

1: Create a username/password
First create a NCSA password file using htpasswd command. The word 'user1' below should be changed to whatever the heck you want. Also, the '-c' tag will create this file. You don't need to add this tag if the file is already in play.

# htpasswd -c /etc/squid/passwd user1

Modify permissions to the new file so squid can read it:

# chmod o+r /etc/squid/passwd

2: Locate nsca_auth authentication helper
Usually nsca_auth is located at /usr/lib/squid/ncsa_auth; at least, it was for me. You can use the dpkg command to try and locate it if it seems to be in a different location.

# dpkg -L squid | grep ncsa_auth

3: Configure nsca_auth for squid proxy authentication
Open /etc/squid/squid.conf file and add the following parameters. These are all found towards the top of the configuration file (there's a lot of stuff in the conf file). It is worth noting that your basic program location may differ depending on where your ncsa_auth helper is located. The basic realm can be changed to whatever you want; it dosen't matter.

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

Last Step: Save and close the file.
Restart squid and you should be all set!

Now that wasn't too bad was it?

No comments: