Welcome to our guide on how to setup Squid Proxy Authentication on Ubuntu 18.04/Fedora 29/28/CentOS 7 with username and password.
You may also want to check our previous article on how to install and configure Squid Proxy on Fedora 29/Fedora 28/CentOS 7.
Setup Squid Proxy Authentication on Ubuntu 18.04/Fedora 29/28/CentOS 7
In order to setup Squid proxy authentication on Ubuntu 18.04/Fedora 29/28/CentOS 7 with a basic username and password, you need to make a few adjustments on the squid configuration file as follows;
Generate Squid Proxy Authentication Passwords
htdigest are two tools that can be used to generate proxy user authentication passwords. While htpasswd encrypts the passwords and store them in a hashed format, htdigest stores the passwords in plain text hence insecure. In this guide, we are going to use htpasswd utility.
In order to use htpasswd, you need to have
httpd/apache2-utils installed. To install it;
sudo apt-get install apache2-utils
sudo yum install httpd-tools
Once it is installed, run the commands below to generate the password for users to authenticate.
htpasswd -c /etc/squid/.squid_users amos
New password: ENTER PASS Re-type new password: ENTER PASS Adding password for user amos
This creates a password for user amos and store it under
To add more users, you need to remove option -c from the htpasswd command for example;
htpasswd /etc/squid/.squid_users john
New password: Re-type new password: Adding password for user john
When you check the password file, there are now two users with their encrypted passwords;
The squid user should be able to read this file. Therefore run the command below to set proper permissions;
chown squid /etc/squid/.squid_users
Verify that the usernames and passwords provide works fine with Squid proxy.
For every correct entry, you should see
OK displayed as shown below;
amos password OK john password OK
Configure Squid Proxy Authentication
Since all seems fine, proceed to setup squid proxy basic authentication.
Open the squid configuration file for editing and add the following lines.
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.squid_users auth_param basic children 5 auth_param basic realm Proxy Authentication Required auth_param basic credentialsttl 2 hours auth_param basic casesensitive off acl auth_users proxy_auth amos john http_access allow auth_users
As a brief overview of the lines set above;
- The first line tells the Squid to use the
basic_ncsa_authhelper program and find the usernames and password in
- The line
auth_param basic children 5specifies the maximum number of squid authenticator processes to spawn.
auth_param basic realmspecifies the protection scope which is to be reported to the client for the authentication scheme.
auth_param basic credentialsttl 2 hoursspecifies how long squid assumes an externally validated username:password pair is valid for
auth_param basic casesensitive offspecifies if usernames are case sensitive.
acl auth_users proxy_auth amos johndefines Squid authentication ACL for users that are allowed to authenticate.
Once you are done with configurations, save the file and restart squid.
systemctl restart squid
Configure your client to use authenticate vai squid proxy server as described in our previous article.
From the client side, if you try to access the internet via browser, you will be prompted to authenticate. See screenshot below;
When you authenticate properly, you will be able to access the internet on browser.
If you try to download a file using wget, you will be prompted to authenticate;
--2018-12-19 00:38:21-- http://google.com/ Connecting to 192.168.43.69:3128... connected. Proxy request sent, awaiting response... 407 Proxy Authentication Required 2018-12-19 00:38:21 ERROR 407: Proxy Authentication Required.
wget --proxy-user=amos --proxy-password=password google.com
--2018-12-19 00:39:36-- http://google.com/ Connecting to 192.168.43.69:3128... connected. Proxy request sent, awaiting response... 301 Moved Permanently Location: http://www.google.com/ [following] --2018-12-19 00:39:37-- http://www.google.com/ Reusing existing connection to 192.168.43.69:3128. Proxy request sent, awaiting response... 200 OK Length: unspecified [text/html] Saving to: ‘index.html.8’ index.html.8 [ <=> ] 11.72K --.-KB/s in 0.1s 2018-12-19 00:39:38 (97.6 KB/s) - ‘index.html.8’ saved 
Well, there you go. You have successfully setup Squid proxy authentication on Ubuntu 18.04/Fedora29/28/CentOS 7 with username and password. In our next tutorial, we are going to learn how to integrate Squid proxy with LDAP servers for centralized authentication. Thank you for passing by. We hope this was informative.
Hey, want to learn how to set system wide proxy settings on Ubuntu 18.04? You can catch that by following the link below;