
Squid3 configuration for multiple IP addresses and users with basic HTTP auth, transparent proxy

Written by config on . Posted in CentOS, Linux, Ubuntu


Say you have decided to set up Squid, you would like your users to connect and authenticate via simple HTTP auth, and you would also like each user to use a different IP address. How can you achieve that with squid3?
I'm going to show you a very simple Squid configuration that lets you set up the proxy on your own machine in a few minutes and give each user a dedicated IP. In this example I'm configuring Squid to be transparent and to use a non-standard port, so that anyone probing your user's IP will not easily find Squid listening on its default ports, which is how they would learn that your user is using a proxy.
The example shown here was tested on Ubuntu Server 12.04, but I guess it will work on any other Linux distribution as long as Squid3 is installed.


So here we go, transparent squid (squid3) proxy with basic http auth and dedicated ip address for each user:

# This is the configuration file
# /etc/squid3/squid.conf

# This is the port Squid will bind to. It can be anything random and non-standard. Don't let them find out you are using a proxy 😉
# This is also the port you have to give your users so they know what to enter in their browser's network configuration dialog.
# Do not forget to open this port on your firewall, and suggest that your users do the same if they are behind a personal or corporate firewall.

http_port 62752 transparent

# This is the basic HTTP authentication configuration. These paths work on a recent Ubuntu release (and on Debian 🙂), but you will probably have to change them on a different distribution.

auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd

# You can generate /etc/squid3/passwd with the htpasswd tool. If you do not have it, install it with: sudo apt-get install apache2-utils
# Example of how to generate users and passwords: htpasswd /etc/squid3/passwd your_username_here
# (add -c the first time only, to create the file). Run this as root or with sudo.

auth_param basic children 17
# You can write anything else as the realm text instead of the string below.
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# Defining ACL – each one is a user (you can rename user1, user2, etc.. as you like)

acl authenticated1 proxy_auth -i user1
http_access allow authenticated1

acl authenticated2 proxy_auth -i user2
http_access allow authenticated2

acl authenticated3 proxy_auth -i user3
http_access allow authenticated3

acl authenticated4 proxy_auth -i user4
http_access allow authenticated4

acl authenticated5 proxy_auth -i user5
http_access allow authenticated5

# Tie them together. All of these IP addresses should already be configured on your server.

tcp_outgoing_address 10.10.12.1 authenticated1
tcp_outgoing_address 10.10.12.2 authenticated2
tcp_outgoing_address 10.10.12.3 authenticated3
tcp_outgoing_address 10.10.12.4 authenticated4
tcp_outgoing_address 10.10.12.5 authenticated5

# Configure the access log path. This is just an example, use anything you like here.

access_log /var/log/squid3/squid3_access.log

# Configure cache

cache_dir ufs /var/spool/squid3 70000 16 256

# Hide all, make it as anonymous and transparent as possible

forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

Restart Squid at this stage and configure your browser to use one of the users. Your hostname will be the IP that you configured for the user you are going to try.
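A small lint for the per-user wiring in this configuration, as an added example that is not part of the original post: it flags ACL names used by http_access or tcp_outgoing_address that were never defined, an outgoing address assigned to more than one ACL, and proxy_auth ACLs that have no outgoing address. The function name lint_squid_conf and the sample config (with a deliberately mistyped ACL and a shared IP) are constructed for illustration.

```python
# Constructed sample in the article's layout. The ACL for user3 is mistyped
# (authenticated33) and 10.10.12.2 is assigned twice, both on purpose.
SAMPLE_CONF = """\
http_port 62752 transparent
acl authenticated1 proxy_auth -i user1
http_access allow authenticated1
acl authenticated2 proxy_auth -i user2
http_access allow authenticated2
acl authenticated33 proxy_auth -i user3
http_access allow authenticated3
tcp_outgoing_address 10.10.12.1 authenticated1
tcp_outgoing_address 10.10.12.2 authenticated2
tcp_outgoing_address 10.10.12.2 authenticated3
request_header_access All deny all
"""

BUILTIN_ACLS = {"all"}  # "all" is predefined by Squid 3


def lint_squid_conf(text):
    """Return sorted (line, finding, detail) tuples for ACL / outgoing-IP wiring."""
    defined = {}   # acl name -> (acl type, line where it was defined)
    refs = []      # (line, directive, acl name) for every ACL reference
    ip_seen = set()
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "acl" and len(tok) >= 3:
            defined.setdefault(tok[1], (tok[2], n))
        elif tok[0] == "http_access" and len(tok) >= 3:
            refs += [(n, tok[0], a.lstrip("!")) for a in tok[2:]]
        elif tok[0] == "tcp_outgoing_address" and len(tok) >= 2:
            refs += [(n, tok[0], a.lstrip("!")) for a in tok[2:]]
            if tok[1] in ip_seen:  # two users would leave from the same address
                findings.append((n, "shared-ip", tok[1]))
            ip_seen.add(tok[1])
    for n, _, name in refs:
        if name not in defined and name not in BUILTIN_ACLS:
            findings.append((n, "undefined-acl", name))
    pinned = {name for _, d, name in refs if d == "tcp_outgoing_address"}
    for name, (kind, n) in defined.items():
        if kind == "proxy_auth" and name not in pinned:
            findings.append((n, "no-outgoing-ip", name))
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint_squid_conf(SAMPLE_CONF):
        print(finding)
```

Running it against the real file before restarting Squid (for example, `lint_squid_conf(open("/etc/squid3/squid.conf").read())`) catches a renamed or mistyped ACL that would otherwise leave a user without access or without their dedicated address.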
