SQUID Proxy: Configuring for authentication, global access, and user-specific logging
►1) Install Squid and htpasswd
First, update your package lists and install Squid and the apache2-utils package which provides htpasswd:

    apt update
    apt install squid apache2-utils

►2) Create a password file
Use htpasswd to create a file that will store your Squid user credentials. For example, to create a user named “testuser”:

    htpasswd -c /etc/squid/passwd testuser

You will be prompted to enter and confirm the password for this user. The -c flag creates the password file (overwriting an existing one), so use it only for the first user and omit it for subsequent users:

    htpasswd /etc/squid/passwd anotheruser

►3) Configure Squid
Edit the Squid configuration file:

    nano /etc/squid/squid.conf

Enable Basic Authentication. Add or modify the following lines:

    auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
    auth_param basic children 5
    auth_param basic realm Squid basic user authentication
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive on

Create Access Control Lists (ACLs) to control access based on authentication. For global access (any authenticated user, from any address):

    acl authenticated proxy_auth REQUIRED
    http_access allow authenticated
    http_access deny all

Set the port Squid will listen on. The common default is 3128; this example uses 808 and comments out the standard port:

    http_port 808
    # standard port, commented out
    #http_port 3128

If needed, restrict access to the local network. Note that this rule still requires a password: it allows only authenticated users from the local network (replace 192.168.1.0/24 with your network) to access the proxy, then denies all other requests:

    acl authenticated proxy_auth REQUIRED
    acl localnet src 192.168.1.0/24
    http_access allow localnet authenticated
    http_access deny all

►4) Restart Squid
After making these changes, restart the Squid service for them to take effect:

    systemctl restart squid

►5) Logs (%un is the username from /etc/squid/passwd)
Define the logformat before the access_log line that uses it:

    logformat custom_combined %un %>a [%{%Y-%m-%d %H:%M:%S}tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{User-Agent}>h" "%{Referer}>h"
    access_log /var/log/squid/access.log custom_combined

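To review what each proxy user did, the custom_combined lines can be parsed and totalled per username. The following is an added example, not part of the original tutorial: the sample log lines are constructed, the function names are hypothetical, and it assumes Squid backslash-escapes quotes inside the quoted header fields.

```python
import re
from collections import defaultdict

# One custom_combined line:
# %un %>a [time] "%rm %ru HTTP/%rv" status %<st "User-Agent" "Referer"
# Assumption: quotes inside the quoted header values are backslash-escaped.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^(?P<user>\S+) (?P<client>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) HTTP/(?P<version>[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+) ' + QUOTED + ' ' + QUOTED + r'$'
)

# Constructed sample lines (not real traffic); the last one is truncated.
SAMPLE_LOG = r'''
- 192.168.1.20 [2024-05-01 10:00:01] "GET http://example.com/ HTTP/1.1" 407 4012 "curl/8.5.0" "-"
testuser 192.168.1.20 [2024-05-01 10:00:02] "GET http://example.com/ HTTP/1.1" 200 1256 "curl/8.5.0" "-"
testuser 192.168.1.20 [2024-05-01 10:00:05] "CONNECT example.org:443 HTTP/1.1" 200 5321 "Mozilla/5.0 (X11; Linux x86_64)" "-"
anotheruser 192.168.1.31 [2024-05-01 10:01:10] "GET http://example.net/a HTTP/1.1" 200 300 "odd \"quoted\" agent" "http://example.net/"
- 192.168.1.77 [2024-05-01 10:01:30] "GET http://example.com/ HTTP/1.1" 407 4012 "-" "-"
- 192.168.1.77 [2024-05-01 10:01:31] "GET http://example.com/ HTTP/1.1" 407 4012 "-" "-"
testuser 192.168.1.20 [2024-05-01 10:02:00] "GET http://exam
'''

def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"], rec["size"] = int(rec["status"]), int(rec["size"])
    rec["agent"], rec["referer"] = m.group(9), m.group(10)
    return rec

def summarize(text):
    """Per-user totals, 407 counts per client IP, and unparsable line count."""
    users = defaultdict(lambda: {"requests": 0, "bytes": 0, "clients": set()})
    challenges, unparsed = defaultdict(int), 0
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            unparsed += 1                     # count it, never drop silently
        elif rec["status"] == 407:            # proxy authentication required
            challenges[rec["client"]] += 1
        else:
            u = users[rec["user"]]
            u["requests"] += 1
            u["bytes"] += rec["size"]
            u["clients"].add(rec["client"])
    return dict(users), dict(challenges), unparsed

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A single 407 before an authenticated request is the normal challenge; a client IP with many 407 responses and no successful requests is the pattern worth a closer look.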