Setting up squid as forward proxy with basic authentication

In this article, we'll configure Squid as a forward proxy and enable basic authentication.

For setting up squid, you can read our previous article here, which covers enabling SSL as well as ICAP.

For this setup, we'll be using Squid 4.13.

Forward Proxy
The 3 main configuration directives we'll be using:
  • http_port: By default, squid proxy runs on port 3128

  • acl: Access Control Lists

  • http_access: controls squid acl's access to the internet

You can first test this by using the default squid.conf file, by running

$ curl -x http://[PROXY-IP]:[PORT] -I

You should see the following:


In your terminal, run:

(Note: if you followed the previous article on setting up Squid, then apply relative paths from there.)

  • Create a passwords file and replace [USERNAME] with your test username.

$ sudo touch /etc/squid/passwords 
$ sudo chmod 777 /etc/squid/passwords
$ sudo htpasswd -c /etc/squid/passwords [USERNAME]

You will be prompted to enter your test password twice.

  • Test the credentials

/usr/lib/squid/basic_ncsa_auth /etc/squid/passwords 

In the space, enter [USERNAME] [PASSWORD], then hit ENTER.

You should get an OK, then you can Ctrl+C.

  • Configure squid.conf

$ sudo nano /etc/squid/squid.conf

Add this to your squid.conf file:

# auth
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm Squid proxy-caching web server
# ttl 
auth_param basic credentialsttl 24 hours
# username cs
auth_param basic casesensitive off
# auth type & access
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
http_access deny all
http_port 3128

Note that acl and http_access were used to define and allow connectivity to authenticated users, respectively. And that http_port was left as default.

  • Test

  • In Terminal:

curl -x http://[PROXY-IP]:[PROXY-PORT] -I

You should be able to see "HTTP/1.1 407 Proxy Authentication Required"

  • In Browser:

Firefox > Settings > Proxy > add in your squid's IP and port

And you should see the following

in News
Configure Squid (4.17) with ICAP & SSL