Creating an HTTP Proxy Using Squid on CentOS 6.4
Updated by Alex Fornuto Written by Alex Fornuto
Squid is a proxy/cache application with a variety of configurations and uses. This guide will cover using Squid as an HTTP proxy. Please note that unless you follow the last section of the guide, Anonymizing Traffic, this will not anonymize your traffic to the outside world, as your originating IP address will still be sent in the X-Forwarded-For header. Additionally, the traffic is not encrypted and will still be visible on your local network. If you are looking for a solution that offers greater security, you may want to look at our guide to Setting up an SSH Tunnel or Deploy VPN Services with OpenVPN.
Note: This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, you can check our Users and Groups guide.
Installing Squid
Squid is available in the CentOS repositories. To ensure your system is up-to-date and install Squid run the following commands:
sudo yum update
sudo yum install squid
Copy the original configuration file to keep as a backup:
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.default
Configuring Squid as an HTTP proxy
Squid Proxy can be used as an HTTP proxy to bypass local network restrictions, or mask your true location to the world.
Basic Setup
This section covers the easiest way to use Squid as an HTTP proxy, using only the client IP address for authentication.
Edit the Squid configuration file and add the following lines:
File: /etc/squid/squid.conf
acl client src 12.34.56.78 # Home IP
http_access allow client
Be sure to replace client with a name identifying the connecting computer, and 12.34.56.78 with your local IP address. The comment # Home IP isn’t required, but comments can be used to help identify clients.
Once you’ve saved and exited the file, start Squid:
sudo service squid restart
At this point you can configure your local browser or operating system’s network settings to use your Linode as an HTTP proxy. How to do this will depend on your choice of OS and browser. Once you’ve made the change to your settings, test the connection by pointing your browser at a website that tells you your IP address, such as ifconfig, What is my IP, or by Googling What is my ip.
Additional clients can be defined by adding new acl lines to /etc/squid/squid.conf. Access to the proxy is granted by adding the name defined by each acl to the http_access allow line.
Advanced Authentication
The following configuration allows for authenticated access to the Squid proxy service using usernames and passwords.
You will need the htpasswd utility. If you’ve installed Apache on your Linode, you will already have it. Otherwise run:
sudo yum install httpd-tools
Create a file to store Squid users and passwords, and change ownership:
sudo touch /etc/squid/squid_passwd
sudo chown squid /etc/squid/squid_passwd
Create a username password pair:
sudo htpasswd /etc/squid/squid_passwd user1
Replace user1 with a username. You will be prompted to create a password for this user:
New password:
Re-type new password:
Adding password for user user1
You can repeat this step at any time to create new users.
Edit the Squid configuration file and add the following lines:
File: /etc/squid/squid.conf
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
Once you’ve saved and exited the file, restart Squid:
sudo service squid restart
At this point, you can configure your local browser or operating system’s network settings to use your Linode as an HTTP proxy. You will need to specify that the server requires authentication, and provide the username and password. How to do this will depend on your choice of OS and browser. Once you’ve made the settings change, test the connection by pointing your browser at a website that tells you your IP address, such as ifconfig, What is my IP, or by Googling What is my ip.
To remove a user’s access to the proxy, you must delete their entry in the squid_passwd file. Each user is represented in the file on a single line in the format of user:passwordhash:
File: /etc/squid/squid_passwd
user1:gh48gfno
user2:9b83v5hd
If you are using Nano, the command Control+k will remove the entire line where the cursor rests. Once you’ve saved and exited the file, restart Squid:
sudo service squid restart
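Squid checks http_access rules from top to bottom and stops at the first match, so the lines from Basic Setup and Advanced Authentication only take effect when they sit above any http_access deny all already in the file. The following check is an added example, not part of the original guide; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# effective_allows CONF: print the ACL names used by "http_access allow"
# rules that appear before the first "http_access deny all". Rules placed
# after that line are never reached.
effective_allows() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 != "http_access" { next }
        $2 == "deny" && $3 == "all" { exit }    # everything below is dead
        $2 == "allow" { for (i = 3; i <= NF; i++) print $i }
    ' "$1"
}

# is_reachable CONF ACL: succeed if ACL is named in a reachable allow rule.
is_reachable() {
    effective_allows "$1" | grep -qxF -- "$2"
}

# Constructed samples: the guide's lines appended below an existing
# "deny all" (bad.conf) versus placed above it (good.conf).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/bad.conf" <<'EOF'
acl localnet src 10.0.0.0/8
http_access allow localnet
http_access deny all
acl client src 12.34.56.78   # Home IP
http_access allow client
EOF
cat > "$tmp/good.conf" <<'EOF'
acl client src 12.34.56.78   # Home IP
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
# One rule per ACL: names listed on the same rule are ANDed together.
http_access allow client
http_access allow ncsa_users
http_access deny all
EOF

for f in bad good; do
    for a in client ncsa_users; do
        if is_reachable "$tmp/$f.conf" "$a"; then s="reachable"; else s="NOT reachable"; fi
        echo "$f.conf: $a is $s"
    done
done
```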
Anonymizing Traffic
In order to mask your IP address from servers you connect to, you will need to add the following lines to the Squid configuration file.
File: /etc/squid/squid.conf
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
Once you’ve saved and exited the file, restart Squid:
sudo service squid restart
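What the header list above lets through, as an added example that is not part of the original guide: a simplified model in which a header with its own rule uses it and every other header falls to the All rule. The function name, the abbreviated rule excerpt and the sample request are constructed for illustration.

```shell
#!/bin/sh
# forwarded_headers CONF: read "Name: value" request header lines on stdin and
# print the names that CONF's request_header_access rules let through.
# Simplified model (assumption): only "allow all"/"deny all" rules are read;
# a header with its own rule uses it, anything else falls to the "All" rule.
forwarded_headers() {
    awk -v conf="$1" '
        BEGIN {
            while ((getline line < conf) > 0) {
                n = split(line, f, " ")
                if (n < 4 || f[1] != "request_header_access" || f[4] != "all") continue
                key = tolower(f[2])
                if (!(key in rule)) rule[key] = f[3]
            }
        }
        $1 !~ /:$/ { next }                 # not a header line
        {
            name = $1; sub(/:$/, "", name)
            key = tolower(name)
            verdict = "allow"               # no rule at all: passed through
            if (key in rule) verdict = rule[key]
            else if ("all" in rule) verdict = rule["all"]
            if (verdict == "allow") print name
        }
    '
}

# Constructed excerpt of the rule list above, and a constructed request.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
conf="$tmp/squid.conf"
cat > "$conf" <<'EOF'
forwarded_for off
request_header_access Authorization allow all
request_header_access Host allow all
request_header_access Accept allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
EOF
sample_request='Host: example.com
User-Agent: Mozilla/5.0 (constructed)
Referer: http://intranet.example/page
Cookie: session=constructed
X-Forwarded-For: 12.34.56.78
Via: 1.1 downstream-proxy'

printf '%s\n' "$sample_request" | forwarded_headers "$conf"
```

In this model Referer, X-Forwarded-For and Via are dropped, while Cookie and User-Agent, which the list explicitly allows, still reach the origin server and can identify the browser.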
This guide is published under a CC BY-ND 4.0 license.