Scribd Logo
Upload

Welcome to Scribd!

  • Squid Configurare

    Uploaded by

    Erik Yannys
    30 views5 pages
    Squid Configurare

    Copyright

    © © All Rights Reserved

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Squid Configurare

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    30 views5 pages

    Squid Configurare

    Uploaded by

    Erik Yannys
    Squid Configurare

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    Creating an HTTP Proxy Using Squid on Ubuntu

    12.04
    Updated by Alex Fornuto
    Squid is a proxy/cache application with a variety of configurations and uses. This guide will
    cover using Squid as an HTTP proxy. Please note that unless you follow the last section of the
    guideAnonymizing Traffic, this will not anonymize your traffic to the outside world, as your
    originating IP address will still be sent in the X-Forwarded-For header. Additionally, the traffic
    is not encrypted and will still be visible on your local network. If you are looking for a solution
    that offers greater security, you may want to look at our guide to Setting up an SSH
    Tunnel or Deploy VPN Services with OpenVPN.
    This guide is written for a non-root user. Commands that require elevated privileges
    are prefixed with sudo. If youre not familiar with the sudo command, you can check
    our Users and Groups guide.

    Installing Squid
    1.Squid is available in the Ubuntu repositories. To ensure your system is up-to-date and
    install Squid, run the following commands:

    1sudo apt-get update


    2sudo apt-get upgrade
    3sudo apt-get install squid

    2.Copy the original configuration file to keep as a backup:

    1sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.default

    Configuring Squid as an HTTP proxy


    Squid Proxy can be used as an HTTP proxy to bypass local network restrictions, or mask your

    true location to the world.

    Basic Setup
    This section covers the easiest way to use Squid as an HTTP proxy, using only the client IP
    address for authentication.
    1.Edit the Squid configuration file and add the following lines:
    /etc/squid3/squid.conf
    1

    acl client src 12.34.56.78 \# Home IP http\_access allow client

    Be sure to replace client with a name identifying the connecting computer,


    and 12.34.56.78with your local IP address. The comment # Home IP isnt required, but
    comments can be used to help identify clients.
    2.Once youve saved and exited the file, restart Squid:

    1sudo service squid3 restart

    3.At this point you can configure your local browser or operating systems network
    settings to use your Linode as an HTTP proxy. How to do this will depend on your
    choice of OS and browser. Once youve made the change to your settings, test the
    connection by pointing your browser at a website that tells you your IP address, such
    as ifconfig, What is my IP, or by Googling What is my ip.
    4.Additional clients can be defined by adding new acl lines to /etc/squid3/squid.conf.
    Access to the proxy is granted by adding the name defined by each acl to
    the http_access allow line.

    Advanced Authentication
    The following configuration allows for authenticated access to the Squid proxy service using
    usernames and passwords.
    1.You will need the htpasswd utility. If youve installed Apache on your Linode, you will
    already have it. Otherwise run:

    1sudo apt-get install apache2-utils

    2.Create a file to store Squid users and passwords, and change ownership:

    1sudo touch /etc/squid3/squid_passwd


    2sudo chown proxy /etc/squid3/squid_passwd

    3.Create a username password pair:

    1sudo htpasswd /etc/squid3/squid_passwd user1

    Replace user1 with a username. You will be prompted to create a password for this
    user:
    1New password:
    2Re-type new password:
    3Adding password for user user1

    You can repeat this step at any time to create new users.
    4.Edit the Squid configuration file and add the following lines:
    /etc/squid3/squid.conf
    1

    auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd

    acl ncsa_users proxy_auth REQUIRED

    http_access allow ncsa_users

    5.Once youve saved and exited the file, restart Squid:

    1sudo service squid3 restart

    6.At this point, you can configure your local browser or operating systems network
    settings to use your Linode as an HTTP proxy. You will need to specify that the server
    requires authentication, and provide the username and password. How to do this will
    depend on your choice of OS and browser. Once youve made the settings change, test
    the connection by pointing your browser at a website that tells you your IP address,
    such as ifconfig, What is my IP, or by Googling What is my ip.
    7.To remove a users access to the proxy, you must delete their entry in
    the squid_passwd file. Each user is represented in the file on a single line in the format

    of user:passwordhash:
    /etc/squid3/squid_passwd
    1

    user1:\$p948w3nvq3489v6npq396g user2:\$q3cn478554387cq34n57vn

    If you are using Nano, the command Control+k will remove the entire line where the
    cursor rests. Once youve saved and exited the file, restart Squid:
    1sudo service squid3 restart

    Anonymizing Traffic
    In order to mask your IP address from servers you connect to, you will need to add the
    following lines to the Squid configuration file.
    /etc/squid3/squid.conf
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22

    forwarded_for of
    request_header_access Allow allow all
    request_header_access Authorization allow all
    request_header_access WWW-Authenticate allow all
    request_header_access Proxy-Authorization allow all
    request_header_access Proxy-Authenticate allow all
    request_header_access Cache-Control allow all
    request_header_access Content-Encoding allow all
    request_header_access Content-Length allow all
    request_header_access Content-Type allow all
    request_header_access Date allow all
    request_header_access Expires allow all
    request_header_access Host allow all
    request_header_access If-Modified-Since allow all
    request_header_access Last-Modified allow all
    request_header_access Location allow all
    request_header_access Pragma allow all
    request_header_access Accept allow all
    request_header_access Accept-Charset allow all
    request_header_access Accept-Encoding allow all
    request_header_access Accept-Language allow all

    23
    24
    25
    26
    27
    28
    29
    30

    request_header_access Content-Language allow all


    request_header_access Mime-Version allow all
    request_header_access Retry-After allow all
    request_header_access Title allow all
    request_header_access Connection allow all
    request_header_access Proxy-Connection allow all
    request_header_access User-Agent allow all
    request_header_access Cookie allow all
    request_header_access All deny all

    Once youve saved and exited the file, restart Squid:

    1sudo service squid3 restart

    Schimbare parola squid:


    sudo htpasswd /etc/squid3/squid_passwd USER PASSWORD

    You might also like