How to Secure Squid Proxy
How to Secure Squid Proxy?
Configure an NCSA-style username and password authentication
lets assume that squid is installed and working fine following the guide here
Tip: Before going further, test basic Squid functionality. Make sure squid is functioning without requiring authorization
Step # 1: Create a username/password
First create a NCSA password file using htpasswd command. htpasswd is used to create and update the flat-files used to
store usernames and password for basic authentication of squid users.
$ htpasswd /etc/squid/passwd xmodx
Output:
New password:
Re-type new password:
Adding password for user xmodx
Make sure squid can read passwd file:
$ chmod o+r /etc/squid/passwd
Step # 2: Locate nsca_auth authentication helper
Usually nsca_auth is located at /usr/lib/squid/ncsa_auth. You can find out location using rpm (Redhat,CentOS,Fedora) or dpkg (Debian and Ubuntu) command:
$ dpkg -L squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
If you are using RHEL/CentOS/Fedora Core or RPM based distro try:
$ rpm -ql squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
Step # 3: Configure nsca_auth for squid proxy authentication
Now open /etc/squid/squid.conf file
$ pico /etc/squid/squid.conf
Append (or modify) following configration directive:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Welcome to xMoDx Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
Also find out your ACL section and append/modify
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
Download SAMPLE CONFIG FILE HERE
thanks to Gerold for helping me with making my Proxy Server Secure and inspiration for this Guide