Do you know the feeling: you’re traveling out of the country, and suddenly you cannot access some websites? I recently hit this when I traveled to Europe, and some US websites I wanted to access threw me the GDPR block. I had once set up a proxy server to do some geo-timing tests, and decided to set one up again so I could access what I wanted to access.
Setting up Squid on Azure
Squid is an open source proxy and cache that is fairly simple to configure (but has a lot of configuration capabilities). For our simple proxy, we’ll set this one up on an Azure VM in West US 2. Be mindful of the Network Security Group you attach to that VM/subnet: squid by default runs over port 3128, so you’ll need to open that for the solution to work.
Once we have that, we can connect to our VM, and install squid.
sudo apt-get update && sudo apt-get install squid
With that done, we’ll have to dive into the squid configuration. There’s a lot to squid configuration. The default configuration file located at /etc/squid/squid.conf contains 7980 lines. We won’t be editing 7980 lines for our basic proxy though. What we will be doing is the following:
- Configure an ACL.
- Allow access for that ACL.
For this, we’ll be editing the default config file – because this allows basic proxy functionality by default – and we’ll add our configuration to it.
For the first part (configuring the ACL) – look for an ACL section around line 980 in the squid.conf file, and add your own line to it. You don’t have to remove anything:
acl nills-from-internet src 0.0.0.0/0
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
(...)
For the second part, we’ll configure http_access to allow our ACL to use the proxy. Look for the following line around line 1188, and add your own http_access to it.
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow nills-from-internet
Next, we’ll restart our squid service:
sudo service squid restart
And then we should be able to connect using our proxy service. Easy peasy.
Let’s add a little bit of security
As I was writing this blog, I started thinking I don’t want to host a public proxy service. I just want to be able to read my web pages without the GDPR block. This can also be done – fairly easily – so why don’t we do this together as well?
First things first, we need to create a password file. We will use the htpasswd utility to create that. To get htpasswd, you need apache2 installed, which we’ll do first:
sudo apt-get install apache2 -y
sudo htpasswd -c /etc/squid/passwd nilfranadmin
#enter and confirm your password now
With that done, we’ll dive into the squid configuration file (remember, /etc/squid/squid.conf) to configure our authentication:
First thing, look for the auth_param section around line 427, and add the following line in there:
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
Afterwards, look for the ACL you created earlier, and then add the following line referencing the authentication:
acl nills-from-internet src 0.0.0.0/0
acl auth_users proxy_auth REQUIRED
And then finally, we’ll change our http_access, around line 1190:
http_access allow auth_users
http_access allow nills-from-internet
And after that’s done, let’s go ahead and restart our squid service, and see if we get an authentication request:
sudo service squid restart
And with that done, all my apps suddenly needed proxy authentication information. Now, in all honesty and transparency, I’m not using SSL – which is not best practice for sending credentials. But as I’m using a fairly useless password, I can live with that to be able to browse the American internet.
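To check which http_access lines in a squid.conf still admit any source address with no other condition (such as the 0.0.0.0/0 ACL used above), here is a small linter, added as an example and not part of the original post. The function names and the sample config are constructed for illustration; it treats a negated ACL (!name) as a restriction and stops at the first catch-all deny.

```python
import ipaddress

def parse(conf_text):
    """Split squid.conf text into ACL definitions and ordered http_access rules."""
    acls, rules = {}, []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], []).append((tok[2], tok[3:]))
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def is_any_source(name, acls):
    """True if the ACL matches every client address (built-in 'all' or a /0 src)."""
    if name == "all":
        return True
    for kind, args in acls.get(name, []):
        for arg in (args if kind == "src" else []):
            try:
                if ipaddress.ip_network(arg, strict=False).prefixlen == 0:
                    return True
            except ValueError:  # address range or other non-CIDR form
                pass
    return False

def open_allow_rules(conf_text):
    """Return http_access allow lines that admit any source with no other condition."""
    acls, rules = parse(conf_text)
    findings = []
    for action, names in rules:
        unconditional = all(is_any_source(n, acls) for n in names)
        if unconditional and action == "deny":
            break  # catch-all deny: later rules are never reached
        if unconditional and action == "allow":
            findings.append("http_access allow " + " ".join(names))
    return findings

# Constructed sample based on the first configuration in this post.
OPEN_CONF = """
acl nills-from-internet src 0.0.0.0/0
acl Safe_ports port 80 # http
http_access deny !Safe_ports
http_access allow nills-from-internet
http_access deny all
"""

if __name__ == "__main__":
    print(open_allow_rules(OPEN_CONF))
```

To lint the live file, pass the contents of /etc/squid/squid.conf to open_allow_rules(); any line it returns is an allow rule worth reviewing.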
If you are ever geo-blocked and need to browse the web quickly – please just go ahead and use a free or paid VPN/proxy solution. They will be a lot easier to set up than what I just did (and probably be cheaper as well). However, if you like playing around and figuring out stuff, please follow along and set up your own Squid proxy server. Have fun!