{"id":315,"date":"2019-09-09T14:20:29","date_gmt":"2019-09-09T21:20:29","guid":{"rendered":"http:\/\/blog.nillsf.com\/?p=315"},"modified":"2019-09-09T14:20:32","modified_gmt":"2019-09-09T21:20:32","slug":"setting-up-a-squid-proxy-with-authentication","status":"publish","type":"post","link":"https:\/\/nillsf.com\/index.php\/2019\/09\/09\/setting-up-a-squid-proxy-with-authentication\/","title":{"rendered":"Setting up a Squid proxy with authentication"},"content":{"rendered":"\n

Do you know the feeling: you’re traveling out of the country, and suddenly you cannot access some websites? I recently hit this when I traveled to Europe, and some US websites I wanted to access threw me the GDPR block. I had once setup a proxy server to do some geo-timing tests, and decided to set one up again so I could access what I wanted to access.<\/p>\n\n\n\n

Setting up Squid on Azure<\/h2>\n\n\n\n

Squid <\/a>is an open source proxy and cache that is fairly simple to configure (but has a lot of configuration capabilities). For our simple proxy, we’ll set this one up on an Azure VM in West US 2. Be mindful of the Network Security Group you attach to that VM\/subnet: squid by default runs over port 3128, so you’ll need to open that for the solution to work.<\/p>\n\n\n\n

\"\"
We’ll create a simple Ubuntu VM<\/figcaption><\/figure>\n\n\n\n
\"\"
Don’t forget to create a NSG that will allow port 3128 inbound.<\/figcaption><\/figure>\n\n\n\n

Once we have that, we can connect to our VM, and install squid.<\/p>\n\n\n\n

sudo apt-get update && sudo apt-get install squid<\/code><\/pre>\n\n\n\n
With that done, we’ll have to dive into the squid configuration. There’s a lot to squid configuration. The default configuration file located at \/etc\/squid\/squid.conf<\/code> contains 7980 lines. We wont be editing 7980 lines for our basic proxy though. What we will be doing is the following:<\/p>\n\n\n\n
  • Configure an ACL.<\/li>
  • Allow access for that ACL.<\/li><\/ul>\n\n\n\n
    For this, we’ll be editing the default config file – because this allows basic proxy functionality by default – and we’ll add our configuration to it. <\/p>\n\n\n\n
    For the first part (configuring the ACL) – look for an ACL section around line 980 in the squid.conf<\/code> file, and add your own line to it. You don’t have to remove anything:<\/p>\n\n\n\n
    acl nills-from-internet src 0.0.0.0\/0                                                                                   acl SSL_ports port 443                                                                                                  acl Safe_ports port 80          # http                                                                                  acl Safe_ports port 21          # ftp  \n(...)<\/code><\/pre>\n\n\n\n
    For the second part, we’ll configure http_access<\/code> to allow our ACL to use the proxy. Look for the following line around line 1188, and add your own http_access<\/code> to it.<\/p>\n\n\n\n
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS                                                        #                                                                                                                       http_access allow nills-from-internet<\/code><\/pre>\n\n\n\n
    Next, we’ll restart our squid service:<\/p>\n\n\n\n
    sudo service squid restart<\/code><\/pre>\n\n\n\n
    And then we should be able to connect using our proxy service. Easy peasy.<\/p>\n\n\n\n
    Let’s add a little bit of security<\/h2>\n\n\n\n
    As I was writing this blog, I started thinking I don’t want to host a public proxy service. I just want to be able to read my web-pages without GDPR block. This can also be done – fairly easily – so why won’t we do this together as well?<\/p>\n\n\n\n
    First things first, we need to create a password file. We will use the htpasswd<\/code> utility to create that. To get htpasswd<\/code>, you need apache2 <\/code>installed, which we’ll do first:<\/p>\n\n\n\n
    sudo apt-get install apache2 -y\nsudo htpasswd -c \/etc\/squid\/passwd nilfranadmin\n#enter and confirm your password now<\/code><\/pre>\n\n\n\n
    With that done, we’ll dive into the squid configuration file (remember, \/etc\/squid\/squid.conf<\/code>) to configure our authentication:<\/p>\n\n\n\n
    First thing, look for the auth_param<\/code> section around line 427, and add the following line in there:<\/p>\n\n\n\n
    auth_param basic program \/usr\/lib\/squid\/basic_ncsa_auth \/etc\/squid\/passwd<\/code><\/pre>\n\n\n\n
    Afterwards, look for your ACL you created earlier, and then add the following line referencing the authentication:<\/p>\n\n\n\n
    acl nills-from-internet src 0.0.0.0\/0                                                      acl auth_users proxy_auth REQUIRED <\/code><\/pre>\n\n\n\n
    And then finally, we’ll change our http_access<\/code>, around line 1190:<\/p>\n\n\n\n
    http_access allow auth_users                                                               http_access allow nills-from-internet<\/code><\/pre>\n\n\n\n
    And after that’s done, let’s go ahead and restart our squid service, and see if we get an authentication request:<\/p>\n\n\n\n
    sudo service squid restart<\/code><\/pre>\n\n\n\n
    And what that done, all my apps suddenly needed proxy authentication information. Now, in all honesty and transparency, I’m not using SSL – which is not best practice for sending credentials. But as I’m using a fairly useless password, I can live with that to be able to browse the American internet.<\/p>\n\n\n\n
    \"\"
    Edge asking for proxy information. Preview Edge, Chromium based that is. Just for the record.<\/figcaption><\/figure>\n\n\n\n
    \"\"
    Even Teams asked for proxy information.<\/figcaption><\/figure>\n\n\n\n
    Summary<\/h2>\n\n\n\n
    If you are ever geo-blocked and need to browse the web quickly – please just go ahead and use a free or paid VPN\/proxy solution. They will be a lot easier to setup than what I just did (and probably be cheaper as well). However, if you like playing around and figuring out stuff, please follow along and setup your own Squid proxy server. Have fun!<\/p>\n","protected":false},"excerpt":{"rendered":"
    Do you know the feeling: you’re traveling out of the country, and suddenly you cannot access some websites? I recently hit this when I traveled to Europe, and some US websites I wanted to access threw me the GDPR block. I had once setup a proxy server to do some geo-timing tests, and decided to […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2,5],"tags":[28,26],"class_list":["post-315","post","type-post","status-publish","format-standard","hentry","category-azure","category-open-source","tag-side-project","tag-squid"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/nillsf.com\/index.php\/wp-json\/wp\/v2\/posts\/315","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nillsf.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nillsf.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nillsf.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nillsf.com\/index.php\/wp-json\/wp\/v2\/comments?post=315"}],"version-history":[{"count":3,"href":"https:\/\/nillsf.com\/index.php\/wp-json\/wp\/v2\/posts\/315\/revisions"}],"predecessor-version":[{"id":322,"href":"https:\/\/nillsf.com\/index.php\/wp-json\/wp\/v2\/posts\/315\/revisions\/322"}],"wp:attachment":[{"href":"https:\/\/nillsf.com\/index.php\/wp-json\/wp\/v2\/media?parent=315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nillsf.com\/index.php\/wp-json\/wp\/v2\/categories?post=315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nillsf.com\/index.php\/wp-json\/wp\/v2\/tags?post=315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}