Professional Documents
Culture Documents
12.04
Updated by Alex Fornuto
Squid is a proxy/cache application with a variety of configurations and uses. This guide will
cover using Squid as an HTTP proxy. Please note that unless you follow the last section of the
guideAnonymizing Traffic, this will not anonymize your traffic to the outside world, as your
originating IP address will still be sent in the X-Forwarded-For header. Additionally, the traffic
is not encrypted and will still be visible on your local network. If you are looking for a solution
that offers greater security, you may want to look at our guide to Setting up an SSH
Tunnel or Deploy VPN Services with OpenVPN.
This guide is written for a non-root user. Commands that require elevated privileges
are prefixed with sudo. If youre not familiar with the sudo command, you can check
our Users and Groups guide.
Installing Squid
1.Squid is available in the Ubuntu repositories. To ensure your system is up-to-date and
install Squid, run the following commands:
Basic Setup
This section covers the easiest way to use Squid as an HTTP proxy, using only the client IP
address for authentication.
1.Edit the Squid configuration file and add the following lines:
/etc/squid3/squid.conf
1
3.At this point you can configure your local browser or operating systems network
settings to use your Linode as an HTTP proxy. How to do this will depend on your
choice of OS and browser. Once youve made the change to your settings, test the
connection by pointing your browser at a website that tells you your IP address, such
as ifconfig, What is my IP, or by Googling What is my ip.
4.Additional clients can be defined by adding new acl lines to /etc/squid3/squid.conf.
Access to the proxy is granted by adding the name defined by each acl to
the http_access allow line.
Advanced Authentication
The following configuration allows for authenticated access to the Squid proxy service using
usernames and passwords.
1.You will need the htpasswd utility. If youve installed Apache on your Linode, you will
already have it. Otherwise run:
2.Create a file to store Squid users and passwords, and change ownership:
Replace user1 with a username. You will be prompted to create a password for this
user:
1New password:
2Re-type new password:
3Adding password for user user1
You can repeat this step at any time to create new users.
4.Edit the Squid configuration file and add the following lines:
/etc/squid3/squid.conf
1
6.At this point, you can configure your local browser or operating systems network
settings to use your Linode as an HTTP proxy. You will need to specify that the server
requires authentication, and provide the username and password. How to do this will
depend on your choice of OS and browser. Once youve made the settings change, test
the connection by pointing your browser at a website that tells you your IP address,
such as ifconfig, What is my IP, or by Googling What is my ip.
7.To remove a users access to the proxy, you must delete their entry in
the squid_passwd file. Each user is represented in the file on a single line in the format
of user:passwordhash:
/etc/squid3/squid_passwd
1
user1:\$p948w3nvq3489v6npq396g user2:\$q3cn478554387cq34n57vn
If you are using Nano, the command Control+k will remove the entire line where the
cursor rests. Once youve saved and exited the file, restart Squid:
1sudo service squid3 restart
Anonymizing Traffic
In order to mask your IP address from servers you connect to, you will need to add the
following lines to the Squid configuration file.
/etc/squid3/squid.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
forwarded_for of
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
23
24
25
26
27
28
29
30