Introduction
Squid is a proxy service used to filter web traffic that is capable of improving web server performance caching resources. Squid mediates traffic between a desktop computer and the internet and redirects inbound client requests to a data store for faster performance. It supports HTTP, FTP, TLS, SSL, and HTTPS traffic.
We will show you how to install and set up Squid proxy server on your Shell.
Prerequisites
Before we can open ports to additional traffic, you must purchase a $1 dedicated IP address.
Follow the tutorial below:
How to Purchase and Active a Dedicated IP address for your Shell
Installation
To install squid, enter the following into the terminal prompt:
sudo apt install squid
To check that the squid service is running, enter the following:
sudo systemct1 status squid
How to Configure IP-Based Authentication
Squid allows you to restrict internet access to clients in many different ways. This is how to restrict the internet to only those with the appropriate IP addresses.
We must edit the default Squid configuration file:
sudo nano /etc/squid/squid.conf
Add the lines below at the beginning of the configuration file:
acl client1 src [enter the client IP address here]
ac1 client2 src [enter the client IP address here]
http_access allow client1 client2
To add more clients just copy the line and number the clients appropriately. Save and close the file when you are finished.
To apply changes, restart Squid:
sudo systemct1 restart squid
We have now configured the server so that only computers with the IP addresses that you have included can access the internet.
User-Based Authentication
It is also possible to authenticate based on username and password. We must install Apache utils in order to achieve this.
To install the Apache utils package enter:
sudo apt install apache2-utils -y
Next, create a user with this command:
htpasswd /etc/squid/passwd client1
You will receive a prompt to set your password.
You may verify all created users by viewing the password configuration file, enter:
cat /etc/squid/passwd
Now open the default Squid configuration file:
sudo nano /etc/squid/squid.conf
Add the following lines at the beginning of the file. (Remember, the lines that we added in the previous section were for IP-based Authentication.)
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
Save and close the configuration file, then restart Squid with:
sudo systemctl restart squid
Users will now need to enter their credentials to access the internet.
How to Anonymize Traffic with Squid
In order to anonymize web traffic and mask client IP addresses, we must add some rules to Squid.
Edit the default Squid configuration file:
sudo nano /etc/squid/squid.conf
Add the lines below at the beginning of the file:
forwarded_for off request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_access Cookie allow all request_header_access All deny all
Save and close your changes, then restart the Squid service to apply the changes.
sudo systemctl restart squid
Check Squid Proxy
To begin using our proxy server, we must enter the settings into the browser of our client computer.
For this, we will be using the Mozilla web browser.
Go to the client computer, open Mozilla, and go to Options.
Scroll to the bottom of the page to Network Settings and click Settings.
Select Manual proxy configuration and enter your Squid server IP and port. Select Use this proxy server for all protocols and click OK to save settings.
To verify check your pubic IP by going to https://whatismyipaddress.com/ and enter your authentication credentials.
You should see the IP address of your proxy server and not the IP address of your client.
Comments
0 comments
Article is closed for comments.