How to Create an HTTP Proxy Using Squid on CentOS 8

Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic.

An HTTP proxy sits between HTTP clients and HTTP servers and can act as a high-performance content filter on the traffic passing between them. It routes client requests from web browsers to the internet and supports rapid data caching.

In this tutorial, we will learn how to create an HTTP proxy using Squid on CentOS 8.

Follow these steps to create an HTTP proxy using Squid on CentOS 8:

  • Step 1 – Update System Packages
  • Step 2 – Install Squid Proxy Server
  • Step 3 – Configure IP Based Authentication
  • Step 4 – Configure User Based Authentication
  • Step 5 – Configure Combined Authentication
  • Step 6 – Configure Squid to Anonymize Traffic
  • Step 7 – Test Squid Proxy

Step 1 – Update System Packages

First, open a terminal and run the following command to update the base system with the latest available packages:

dnf update -y

Step 2 – Install Squid Proxy Server

Run the following command to install the Squid proxy server:

dnf install squid -y

Once the installation is complete, run the following commands to start the Squid proxy service and enable it to start at reboot:

systemctl start squid
systemctl enable squid

Step 3 – Configure IP Based Authentication

To configure IP-based authentication, open the Squid configuration file at /etc/squid/squid.conf:

nano /etc/squid/squid.conf

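Add the following lines at the beginning of the file. Each client gets its own http_access line, because Squid requires every ACL named on a single http_access line to match, and a request has only one source address:

acl user1 src 192.168.0.10
acl user2 src 192.168.0.11
http_access allow user1
http_access allow user2

Save and close the file when finished, then restart the Squid service to apply the changes: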

systemctl restart squid

In the lines above, substitute your own values:

user1 and user2 are the names that identify the client computers.

192.168.0.10 and 192.168.0.11 are the IP addresses of the client computers.

Step 4 – Configure User Based Authentication

Next, configure Squid to authenticate clients with usernames and passwords.

First, install the Apache utility package in your system:

dnf install httpd-tools -y

Next, create a file to store Squid users and passwords and change the ownership of the password file:

touch /etc/squid/squid_passwd
chown squid /etc/squid/squid_passwd

Next, create a new Squid user named user1 using the following command:

htpasswd /etc/squid/squid_passwd user1

We will be asked to create a password for this user as shown below:

New password:
Re-type new password:
Adding password for user user1

Next, create another user named user2 with the following command:

htpasswd /etc/squid/squid_passwd user2

Provide a password for this user as shown below:

New password:
Re-type new password:
Adding password for user user2

We can now verify both users with the following command:

cat /etc/squid/squid_passwd

You should get the following output:

user1:$apr1$szXO3OTj$37MuRy2V06mIAOiRpFjnr1
user2:$apr1$MCAckv0h$0VwDLLhAfMLaLm3Xvk3H/0

Next, edit the Squid configuration file:

nano /etc/squid/squid.conf

Add the following lines at the beginning of the file:

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

Save and close the file, then restart the Squid proxy service to apply the changes:

systemctl restart squid

Step 5 – Configure Combined Authentication

Next, configure Squid to authenticate a client based on both the IP address and the username/password.

Edit the Squid default configuration file:

nano /etc/squid/squid.conf

Find the acl, auth_param and http_access lines added in Steps 3 and 4:

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
acl user1 src 192.168.0.10
acl user2 src 192.168.0.11
http_access allow user1
http_access allow user2

And replace them with the following lines, in which each rule requires both a listed client address and a valid login:

acl user1 src 192.168.0.10
acl user2 src 192.168.0.11
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow user1 ncsa_users
http_access allow user2 ncsa_users

Save and close the file, then restart the Squid proxy service to apply the changes:

systemctl restart squid
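
Squid tries http_access lines from top to bottom, and every ACL named on one line must match for that line to apply. The sketch below is an added example, not part of the original tutorial or of Squid: a simplified model of that rule for src and proxy_auth ACLs, comparing a single line that names user1, user2 and ncsa_users with one line per client address. The function names and the trailing "http_access deny all" line are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample rules using the names and addresses from this tutorial.
BASE = """\
acl user1 src 192.168.0.10
acl user2 src 192.168.0.11
acl ncsa_users proxy_auth REQUIRED
"""
ONE_LINE = BASE + "http_access allow user1 user2 ncsa_users\nhttp_access deny all\n"
PER_CLIENT = BASE + ("http_access allow user1 ncsa_users\n"
                     "http_access allow user2 ncsa_users\n"
                     "http_access deny all\n")

def parse(conf):
    """Collect acl definitions and ordered http_access rules from a fragment."""
    acls = {"all": ("src", ["0.0.0.0/0"])}  # built-in 'all' ACL, IPv4 only here
    rules = []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, src, user):
    kind, values = acl
    if kind == "src":
        addr = ipaddress.ip_address(src)
        return any(addr in ipaddress.ip_network(v) for v in values)
    if kind == "proxy_auth":
        # Simplification: REQUIRED matches any already-verified user; real
        # Squid answers 407 to ask for credentials instead of falling through.
        return user is not None
    raise ValueError(f"ACL type not modelled: {kind}")

def decide(conf, src, user=None):
    """Return 'allow' or 'deny' for a request from src with a verified user."""
    acls, rules = parse(conf)
    for action, names in rules:
        # Every ACL on the line must match (AND); lines are tried in order (OR).
        if all(acl_matches(acls[n], src, user) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last rule's action.
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for name, conf in (("one line", ONE_LINE), ("per client", PER_CLIENT)):
        print(name, decide(conf, "192.168.0.10", "user1"))
```

On the server, squid -k parse checks squid.conf for syntax errors before a restart; a rule that is valid syntax but can never match still passes that check, which is the case this model makes visible.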

Step 6 – Configure Squid to Anonymize Traffic

Next, we will add some rules to mask client IP addresses from the servers that receive traffic from your Squid HTTP proxy.

We can do it by editing the Squid default configuration file:

nano /etc/squid/squid.conf

Add the following lines at the beginning of the file:

forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

Save and close the file, then restart the Squid proxy service to apply the changes:

systemctl restart squid

Step 7 – Test Squid Proxy

The Squid proxy server is now configured to accept client connections based on the IP address and username/password, and to handle Internet traffic anonymously.


Rabins Sharma Lamichhane
