How to Create an HTTP Proxy Using Squid on CentOS 8

Squid is a free and open-source web proxy caching server that supports different protocols, such as HTTP, HTTPS, FTP, and SSL. It is mainly used as a caching proxy server and can greatly improve the server performance by caching repeated requests, filtering web traffic, and accessing geo-restricted content.

Squid can act as an intermediary between the client and web server. After connecting the Squid proxy, you will be able to anonymously access Internet services and bypass local network restrictions.

In this tutorial, we will learn how to install and configure Squid Proxy on CentOS 8.

Step 1 – Install Squid Proxy Server

The Squid package is available in the CentOS 8 default repository. You can install it by just running the following command:

dnf install squid -y

Once installed, start the Squid proxy service and enable it to start at reboot with the following command:

systemctl start squid
systemctl enable squid

Step 2 – Configure IP Based Authentication

There are several ways to configure Squid to accept connections and serve as an HTTP proxy. In this section, we will configure Squid to authenticate clients based on their IP addresses.

Open the Squid default configuration file at /etc/squid/squid.conf:

nano /etc/squid/squid.conf

Add the following line at the beginning of the file:

acl user1 src 192.168.0.10
acl user2 src 192.168.0.11
http_access allow user1 user2

Save and close the file when you are finished, then restart the Squid service to apply the changes:

systemctl restart squid

In the above step, substitute your relevant information as below:

user1 and user2 is the name that identifies the client computers.

192.168.0.10 and 192.168.0.11 is the IP address of the client computer.

Step 3 – Configure User Based Authentication

In this section, we will configure Squid to authenticate a client with usernames and passwords.

First, install the Apache utility package in your system:

dnf install httpd-tools -y

Next, create a file to store Squid users and passwords and change the ownership of the password file:

touch /etc/squid/squid_passwd
chown squid /etc/squid/squid_passwd

Next, create a new squid user with name user1 using the following command:

 

htpasswd /etc/squid/squid_passwd user1

You will be asked to create a password for this user as shown below:

New password:
Re-type new password:
Adding password for user user1

Next, create another user named user2 with the following command:

htpasswd /etc/squid/squid_passwd user2

Provide a password for this user as shown below:

New password:
Re-type new password:
Adding password for user user2

You can now verify both users with the following command:

cat /etc/squid/squid_passwd

You should get the following output:

user1:$apr1$szXO3OTj$37MuRy2V06mIAOiRpFjnr1
user2:$apr1$MCAckv0h$0VwDLLhAfMLaLm3Xvk3H/0

Next, edit the Squid configuration file:

nano /etc/squid/squid.conf

Add the following lines at the beginning of the file:

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

Save and close the file, then restart the Squid proxy service to apply the changes:

systemctl restart squid

Step 4 – Configure Combined Authentication

In this section, we will configure Squid to authenticate a client based on the IP address and username/password.

Edit the Squid default configuration file:

nano /etc/squid/squid.conf

Find the following lines which you added earlier:

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
acl user1 src 192.168.0.10
acl user2 src 192.168.0.11
http_access allow user1 user2

And replace them with the following lines:

acl user1 src 192.168.0.10
acl user2 src 192.168.0.11
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow user1 user2 ncsa_users

Save and close the file, then restart the Squid proxy service to apply the changes:

systemctl restart squid

Step 5 – Configure Squid to Anonymize Traffic

Next, you will need to add some rules to mask client IP addresses from the servers that receive traffic from your Squid HTTP proxy.

You can do it by editing the Squid default configuration file:

nano /etc/squid/squid.conf

Add the following lines at the beginning of the file:

forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

Save and close the file, then restart the Squid proxy service to apply the changes:

systemctl restart squid

Step 6 – Test Squid Proxy

At this point, your Squid proxy server is configured to accept client connections based on the IP address and username/password and anonymously handle Internet traffic.

Next, you will need to configure your Client computer’s browser settings to use your Squid server as an HTTP proxy.

On the client computer, open Mozilla Firefox and click on Edit => Preferences as shown below:

Scroll down to the Network Settings section and click on Settings. You should see the following page:

Select the Manual proxy configuration radio button, enter your Squid server IP address in the HTTP Host field and 3128 in the Port field, select the “Use this proxy server for all protocols” check box, and click on the OK button to save the settings.

Now your browser is configured to browse the Internet through the Squid proxy.

To verify it, type the URL https://www.whatismyip.com/. You will be asked to provide a username and password as shown below:

Provide your Squid proxy server username and password which you have created earlier and click on the OK button. You should see the following page:

On the above page, you should see your Squid server’s IP address IP address instead of the IP address of your client computer.

Conclusion

In the above guide, you learned how to configure Squid as an HTTP proxy server on CentOS 8 and configure your browser to use it. You can now surf the web anonymously and keep Firefox from tracking you. Try out Squid on a VPS hosting account from Atlantic.Net today!