Site Navigation:

Configure Squid as proxy server on fc3

Author:  Sven Knispel
Updated:  [udate]

Squid is a powerfull proxy server server supporting proying and caching of HTTP, FTP and other URLs. Quid also caches DNS lookups.
This article focuses on configuring Squid on Fedora Core 3 to act as a simple web-proxy with autentification. Assuming Squid is already installed following steps are required:

• Configure the output and cache files
• Configure the authentification
• Define the rights
• Initialize squid
• Test

The RPM for installing squid is available here.
After installing squid the configuration is done ny editing /etc/squid/squid.conf.

1. Configure the output and cache files

Following entries are relevant for configuring the output and cache directories:

• cache_dir
• cache_access_log
• cache_log
• cache_store_log

The can be left (commented out) or uncommentet and changed.

2. Configure the authentification

By default squid only allows access from localhost.
To change this an authentification mode must first be selected. I chose to check users against a separate unix-like password-file.

2.1. Set the authenfication parameters

Therefore the definition looks like:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squidpasswd
where /usr/lib/squid/ncsa_auth is the program used to authentify and /etc/squidpasswd is the password file to be checked against.
I have left the rest of the auth_param as the recommended minimum.

2.2. Define the rights

Rights are defined using acls. These allow to define what is allowed and deny what is not defined. acl trustedusers proxy_auth REQUIRED
http_access allow trustedusers

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
http_access deny !Safe_ports

http_access allow localhost
http_access deny all

The first section defines trustedusers as being the one who authentified and grants these users the right to access the proxy.
The second section defines the ports that can be accessed through the proxy server.
The last section allows full access to requests comming from locahost and denies everything else.

2.3. Create the password file

in 2.1. we have defined the password file to be /etc/squidpasswd. This file has now to be populated with entries (username:password).
For that we'll use htpasswd:

• htpasswd -c /etc/squidpasswd <user1> will create the file an add a user and password to it
• htpasswd /etc/squidpasswd <user2> will add another user to the file

3. Initialize and test Squid

To initialize Squid issue the command /usr/sbin/squid -z: this will create the cache files.
Finally Squid can be started in debug-mode and tested: /usr/sbin/squid -NCd1.
If everything works fine squid ca be started as a service: /sbin/service squid start

3. References

More about configuring Squid as well as a FAQ can be found here:

• http://www.squid-cache.org/
• http://www.squid-cache.org/Doc/FAQ/FAQ.html