NCSA Authentication For Squid

Introduction

In my last post Anonymous Web Proxy With Squid On Ubuntu I wrote a step by step for setting up a web proxy using Squid on Ubuntu 12.04. This was restricted based on the static IP that you access the proxy from. But what if you don’t have a static IP, then what…

Squid comes with support for a few different methods for authentication, some require a few extra installs and some are ready to go straight off the bat. I decided to use the ncsa_auth method, which uses a username and password file on the server to authenticate incoming connections.

The steps below originated from the post Howto: Squid proxy authentication using ncsa_auth helper with a couple of tiny tweaks for version 3 of Squid.

Step 1 – Create a Username and Password

sudo htpasswd -c /etc/squid3/passwd username

Replace “username” with the username you would like to use. You will then be prompted to enter a password and to confirm it.

You also need to make sure that the file has read permissions.

sudo chmod o+r /etc/squid3/passwd

Step 2 – Edit your config

sudo nano /etc/squid3/squid.conf

Add the following lines to setup your ncsa auth.

auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

The following two lines set your authentication type, and allow http access based on that authentication.

acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

Step 3 – Restart Squid

sudo /etc/init.d/squid3 restart

Conclusion

Now, you can add your new username and password to authenticate your access to your new web proxy. If you’re unable to set the authenticating username and password in the headers you will be prompted by your browser to enter them when you first connect. The line auth_param basic credentialsttl 2 hours tells Squid to keep us authenticated for up to 2 hours. Tweak this as necessary!