Sam - November 15, 2017
Squid HTTP Proxy for CentOS in Under 5 minutes
INTRODUCTION
When we use our home PC to browse the internet, we can usually access it without any constraints, meaning that we can access Internet via any port:HTTP(80), HTTPS(443),SSH(22) and others.
The downside is that when we browse the Internet site,our IP address is clearly shown it that web server’s logs.Now, although our external IP is usually dynamically assigned from our provider, there are certain information that can be obtained from it, for example, the country of origin.
If we for some reason want to anonymize it, we can use one solution: Squid proxy server. Squid proxy server is a Linux software that works on all major linux distributions,and is among other uses, used for anonymizing web traffic.It takes user’s request for a web page, and fetches it on behalf of user, like on this picture
So if for example, Squid proxy server is located in the France, and we are located in Brazil, visiting a web site via Squid proxy will show IP address of a Squid proxy, in France.
PREREQUISITES
You will need a virtual private server (VPS) in the cloud,with SSH access to it as a root user. I am using DigitalOcean VPS server with CentOS 6.9 x64 Linux on it.
You can use any SSH client you like, I prefer SSH secure shell,while most people use Putty these days.
INSTALLATION
Installation of Squid is really simple with yum, and no additional repositories needs to be configured for it.Let’s take a look at the information with yum info squid.It will show the version (current version is 3.1.2) and show some information about squid.Installation is done with:
Find the perfect Proxy Product.
[root@portorico ~]# yum install squid
Installed:
squid.x86_64 7:3.1.23-24.el6
It is installed as a service called squid, and is started with:
[root@portorico ~]# service squid start
Starting squid: . [ OK ]
To make sure it is stared at boot time, we should enable it to autostart:
[root@portorico ~]# chkconfig squid on
CLIENT CONFIGURATION
To use Squid server,we need to configure our web browser to explicitly use it. When you configure Mozilla, it is specific to Firefox only, while any of Chrome, Opera and IE brosers configure system wide settings for a proxy. I will show you how to configure Firefox. You should choose Options->Network Proxy,Settings and fill the appropriate fields with your server’s IP address, and port 3128.
SERVER CONFIGURATION
If you try to enter google.com in your browser, you will get a The proxy server is refusing connections error.That is because Squid is refusing all connections by default, otherwise anyone who knows your IP address would be able to connect to it.
We can allow only certain IP addresses to be able to use Squid, but since ADSL IPs are changed usually every day, we need another way. This could be the simple username /password authentication. To do that,we first need to edit the Squid configuration file, /etc/squid/squid.conf, and add these lines at the beginning of the file
[root@portorico ~]# vi /etc/squid/squid.conf
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
In your system, ncsa_auth might not be in the same location, you might find it with the following command an update the config file accordingly:
[root@portorico ~]# find / -iname “*ncsa_auth*”
It uses the password file passwd that we will generate soon, placed in /etc/squid/, you may call it whatever you want and place it anywhere( provided squid user has access to it).
USERNAME AND PASSWORD GENERATION
Now, to populate a file with a username(for example mysquid) and a (hashed) password
(for example, Tutankamon), we need htpasswd tool, a part of httpd-tools package.We can install it with:
[root@portorico ~]# yum install -y httpd-tools
Let’s execute the following command:
[root@portorico ~]# htpasswd -c /etc/squid/passwd mysquid
New password:
Re-type new password:
Adding password for user mysquid
We have to restart Squid service so changes in the config files are applied (we can use reload as well).
USING SQUID
Let’s refresh the page in Firefox, and now instead of an error, we get a prompt asking us to enter using username and password.
Enter the username and password,and you should be able to see the page.
To make sure you are using Squid to surf the net, enter https://whatsmyip.com/
Instead of your ADSL IP, your Squid’s server IP will be shown.
Happy surfing!
