How to Secure Squid Proxy

How to Secure Squid Proxy?

Configure an NCSA-style username and password authentication

lets assume that squid is installed and working fine following the guide here

Tip: Before going further, test basic Squid functionality. Make sure squid is functioning without requiring authorization

Step # 1: Create a username/password

First create a NCSA password file using htpasswd command. htpasswd is used to create and update the flat-files used to
store usernames and password for basic authentication of squid users.

$ htpasswd /etc/squid/passwd xmodx

Output:

New password:
Re-type new password:
Adding password for user xmodx

Make sure squid can read passwd file:
$ chmod o+r /etc/squid/passwd

Step # 2: Locate nsca_auth authentication helper

Usually nsca_auth is located at /usr/lib/squid/ncsa_auth. You can find out location using rpm (Redhat,CentOS,Fedora) or dpkg (Debian and Ubuntu) command:
$ dpkg -L squid | grep ncsa_auth

Output:

/usr/lib/squid/ncsa_auth


If you are using RHEL/CentOS/Fedora Core or RPM based distro try:

$ rpm -ql squid | grep ncsa_auth

Output:

/usr/lib/squid/ncsa_auth

Step # 3: Configure nsca_auth for squid proxy authentication

Now open /etc/squid/squid.conf file

$ pico /etc/squid/squid.conf

Append (or modify) following configration directive:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Welcome to xMoDx Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

Also find out your ACL section and append/modify
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

Download SAMPLE CONFIG FILE HERE

thanks to Gerold for helping me with making my Proxy Server Secure and inspiration for this Guide

Leave a Reply

Your email address will not be published. Required fields are marked *