In this article, we'll configure Squid as a forward proxy and enable basic authentication.
For setting up squid, you can read our previous article here, which covers enabling SSL as well as ICAP.
For this setup, we'll be using Squid 4.13.
The 3 main configuration directives we'll be using:
http_port: By default, squid proxy runs on port 3128
acl: Access Control Lists
http_access: controls squid acl's access to the internet
You can first test this by using the default squid.conf file, by running
$ curl -x http://[PROXY-IP]:[PORT] -I http://example.com
You should see the following:
In your terminal, run:
(Note: if you followed the previous article on setting up Squid, then apply relative paths from there.)
Create a passwords file and replace [USERNAME] with your test username.
$ sudo touch /etc/squid/passwords $ sudo chmod 777 /etc/squid/passwords $ sudo htpasswd -c /etc/squid/passwords [USERNAME]
You will be prompted to enter your test password twice.
Test the credentials
In the space, enter [USERNAME] [PASSWORD], then hit ENTER.
You should get an OK, then you can Ctrl+C.
$ sudo nano /etc/squid/squid.conf
Add this to your squid.conf file:
# auth auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords auth_param basic realm Squid proxy-caching web server # ttl auth_param basic credentialsttl 24 hours # username cs auth_param basic casesensitive off # auth type & access acl ncsa_users proxy_auth REQUIRED http_access allow ncsa_users http_access deny all http_port 3128
Note that acl and http_access were used to define and allow connectivity to authenticated users, respectively. And that http_port was left as default.
curl -x http://[PROXY-IP]:[PROXY-PORT] -I http://google.com
You should be able to see "HTTP/1.1 407 Proxy Authentication Required"
Firefox > Settings > Proxy > add in your squid's IP and port
And you should see the following