How to configure Squid Proxy Server Authentication in CentOS 6.7

To configure Squid Proxy Server Authentication in CentOS 6.7

Squid proxy server works by tracking the objects use over the network. Squid will act as an intermediary and simply passes the client' s request on the server and also caches the copy of requested object. The purpose of this configuration is used to allow squid user to access internet with their own login credentials. This method will help in production environment and user can work in their own proxy rule. This tutorial is done to configure squid proxy user authentication using nsca_auth in CentOS 6.7.

Configuration procedure

To start with the configuration procedure, install squid and apache packages using yum command and press y to continue.

[root@server1 Desktop]# yum install squid httpd -y
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: centos.excellmedia.net
 * extras: centos.excellmedia.net
 * updates: centos.excellmedia.net
.
.
.
Dependency Updated:
  httpd-tools.x86_64 0:2.2.15-60.el6.centos.5                                                                
Complete!

Start and check the status of squid service. 

[root@server1 Desktop]# service squid start
[root@server1 Desktop]# service squid status

Start and check the status of apache service. 

[root@server1 Desktop]# service httpd start
[root@server1 Desktop]# service httpd status

Open the squid.conf configuration file and create ACL rule for blocking the website.

[root@server1 Desktop]# vim /etc/squid/squid.conf

acl ip_block src 192.168.7.208 192.168.7.207
acl web_block dstdomain “ /etc/squid/block.txt” 
http_access deny ip_block  web_block
http_access allow ip_block

Create a file under /etc/squid/ and enter the sites to block.

[root@server1 Desktop]# vim /etc/squid/block.txt
.youtube.com
.facebook.com

Locate the ncsa_auth authentication.

[root@server1 Desktop]# rpm -ql squid | grep ncsa_auth
/usr/lib64/squid/ncsa_auth
/usr/share/man/man8/ncsa_auth.8.gz

Create username and password for authentication. 

[root@server1 Desktop]# htpasswd &ndash c /etc/squid/passwd user1

Configure nsca_auth for squid proxy authentication. 

[root@server1 Desktop]# vim /etc/squid/squid.conf
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwd
acl ncsa proxy_auth REQUIRED
http_access deny !ncsa

Finally restart the squid service. 

[root@server1 Desktop]# service squid restart

Check the squid proxy server authentication on client machines. Enter the squid login credentials on pop-up window. Enter the required credetials.

Now the user is able to access websites.

To check for the restricted website, try to access it in the browser. The page will be blocked as you have configured.

The configuration procedure of Squid proxy server authentication on CentOS 6.7 is done successfully.

Tag : Squid CentOS Proxy server
FAQ
Q
Does Squid support SSL/HTTPS/TLS?
A
The browser opens an SSL connection directly to the origin server, the browser tunnels the request through Squid with the CONNECT request method.
Q
icpDetectClientClose: ERROR xxx.xxx.xxx.xxx: (32) Broken pipe in squid setup?
A
This means that the client socket was closed by the client before Squid was finished sending data to it. Squid detects this by trying to read(2) some data from the socket.
Q
icpDetectClientClose: FD 135, 255 unexpected bytes error in squid?
A
These are caused by misbehaving Web clients attempting to use persistent connections under squid proxy.
Q
My Squid becomes very slow after it has been running for some time?
A
This is most likely because Squid is using more memory than it should be for your system. When the Squid process becomes large, it experiences a lot of paging. This will very rapidly degrade.
Q
resolve the problem while getting as WARNING: Failed to start 'dnsserver' in squid proxy?
A
All current Squid now contain an optimized internal DNS engine. Which is much faster and responsive that then the dnsserver helper. That should be used by preference.