Installing a Squid proxy server on Ubuntu 12.10 with NCSA authentication
This week I needed to investigate and fix some bugs that customers behind proxy servers were experiencing in Octopus Deploy. I didn't have easy access to a proxy server, so I decided to set one up using Squid, an open source web proxy server. I've seen Squid used in many shops before but this is the first time I'd ever configured it.
I use Windows 8 day to day, and although Squid appears to work on Windows, I wanted to set this up in a clean environment. So I created a new virtual machine in Hyper-V, and installed Ubuntu Server 12.10. I worked through the installation guide, selecting the keyboard layout, timezone, and so on. When prompted for packages, I only chose to install OpenSSH server.
I started by installing Squid:
sudo apt-get install squid
This actually installed Squid 3.1.20, so my Squid configuration file was located at
Next, I tested whether Squid worked out of the box. I used
ifconfig to find out my VM's IP address, then opened that in a browser on port 3128. I was given a page that said Squid at the bottom, so that's a good sign.
Setting up a password file
Squid has a ton of options for authentication. Since I'm just testing proxy server authentication, I went with a simple NCSA-style username and password configuration. First I installed
apache2-utils to get access to
sudo apt-get install apache2-utils
Next I created a file called
users in my Squid configuration folder, with a user named
sudo htpasswd -c /etc/squid3/users paul
And I made sure Squid could read that file:
sudo chmod o+r /etc/squid3/users
Configuring Squid to use NCSA authentication module
The different authentication modules are distributed as binaries that come with Squid, and to configure them you have to know where they are located. This command listed their locations:
dpkg -L squid3 | grep ncsa_auth
For me the output was
To enable the module, I opened the Squid configuration file in
sudo vi /etc/squid3/squid.conf
I searched for the text
TAG: auth_param to find where the authentication module is configured. Next I added the following configuration:
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/users auth_param basic children 5 auth_param basic realm Paul's Squid! auth_param basic credentialsttl 2 hours auth_param basic casesensitive off
Next, I needed to add the ACL to give the users access. I searched for
TAG: acl in the Squid configuration file and added this ACL to the list:
acl ncsa_users proxy_auth REQUIRED
Then I searched for
TAG: http_access to find where HTTP access rules are configured. Scrolling down, there's a section where you can insert your own rules. I added:
http_access allow ncsa_users
Finally, I restarted Squid:
sudo service squid3 restart
And bam! After configuring the proxy settings, I was prompted for proxy credentials:
I could have just used Fiddler
Not long after this, I discovered that Fiddler (which acts as a proxy) can require authentication. It's as simple as checking Rules -> Require Proxy Authentication. D'oh!
The following guides were very useful in getting this working. The main differences I found was that when I installed Squid, I got Squid 3.1.20, while the guides appear to use an older version.
Welcome, my name is Paul Stovell. I live in Brisbane and work on Octopus Deploy, an automated deployment tool for .NET applications.
Prior to founding Octopus Deploy, I worked for an investment bank in London building WPF applications, and before that I worked for Readify, an Australian .NET consulting firm. I also worked on a number of open source projects and was an active user group presenter. I was a Microsoft MVP for WPF from 2006 to 2013.