I recently decided to set up a proxy server because our web browsers leak a lot of our information to the internet, which means that as users we are not safe and get no privacy while surfing the web.
What is a proxy server?
A proxy server acts as a gateway between you and the internet. It’s an intermediary server separating end users from the websites they browse. Proxy servers provide varying levels of functionality, security, and privacy depending on your use case, needs, or company policy.
Below is a graphical representation of a proxy server being set up on a personal network.
Our browsers tend to leak information such as our IP address, the country where the IP is located, the specific region of that country, time zone, longitude and latitude, the OS, the ISP and much more.
As you can see, a lot of information is leaked without the knowledge of most users surfing the web, so the best way to mitigate this is to have a proxy server in place, and that’s exactly what I did.
Some sites that can help you see the type of information your browser is leaking include browserleaks.com/ip, privacy.net/analyzer and dnsleaktest.com, to mention just a few.
In this tutorial we are going to go step by step through installing the Squid proxy server on our Ubuntu VPS. There are two methods that can be used to connect your LAN to your proxy server:
- Restricting IP address method
- Authentication method
Today we are going to focus on the authentication method, which I think is much better, although that’s just a personal opinion and preference.
There are two tools that can be used to generate proxy user authentication passwords: htpasswd and htdigest. htpasswd stores the passwords in hashed format, while htdigest stores its passwords in plain text, so we are going to use htpasswd, which is more secure.
To install htpasswd, type in the following commands:
Once it is installed, type the following commands to generate the passwords for the users who will authenticate.
This creates a password for the user test and stores it in /etc/squid/.squid_users.
To add more users, remove the -c option from the htpasswd command, for example:
When you check the password file, there are now two users with their encrypted passwords:
CONFIGURE SQUID PROXY AUTHENTICATION
It’s time to set up Squid proxy basic authentication. Open the Squid configuration file (/etc/squid/squid.conf) for editing and add the following lines:
Note: the helper path in the first line can be different on some systems, so you have to verify which of these is yours:
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.squid_users
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/.squid_users
A brief explanation of the lines listed above:
- The first line tells Squid to use the basic_ncsa_auth helper program and to find the usernames and passwords in the /etc/squid/.squid_users file.
- The line auth_param basic children 5 specifies the maximum number of squid authenticator processes to spawn.
- auth_param basic realm specifies the protection scope which is to be reported to the client for the authentication scheme.
- auth_param basic credentialsttl 2 hours specifies how long Squid assumes an externally validated username:password pair is valid.
- auth_param basic casesensitive off specifies if usernames are case sensitive.
- acl auth_users proxy_auth test test2 defines Squid authentication ACL for users that are allowed to authenticate.
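As an added example (not part of the original tutorial), the shell functions below look for the basic_ncsa_auth helper in the two directories mentioned above, print the authentication lines with the values explained in the list, and check that an uncommented http_access rule references the auth_users ACL, because an acl line on its own restricts nothing. The function names and the realm text are placeholders chosen for this example.

```sh
#!/bin/sh
# Added example: function names and the realm text are placeholders.

# Print the first executable basic_ncsa_auth found in the given directories.
# With no arguments, try the two locations named in this tutorial.
find_ncsa_helper() {
    [ "$#" -gt 0 ] || set -- /usr/lib/squid /usr/lib64/squid
    for dir in "$@"; do
        if [ -x "$dir/basic_ncsa_auth" ]; then
            printf '%s\n' "$dir/basic_ncsa_auth"
            return 0
        fi
    done
    return 1
}

# Print the authentication lines for squid.conf.
# $1 = helper path, $2 = password file, remaining arguments = allowed users.
render_auth_block() {
    helper_path=$1; users_file=$2; shift 2
    cat <<EOF
auth_param basic program $helper_path $users_file
auth_param basic children 5
auth_param basic realm Squid proxy (placeholder realm)
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl auth_users proxy_auth $*
EOF
}

# Succeed only if an uncommented http_access rule in file $1 names ACL $2.
acl_is_enforced() {
    grep -E '^[[:space:]]*http_access[[:space:]]' "$1" |
        grep -Eq "(^|[[:space:]!])$2([[:space:]]|\$)"
}

# Demo: print the block for the two users created earlier in the tutorial.
helper=$(find_ncsa_helper) || helper=/usr/lib/squid/basic_ncsa_auth
render_auth_block "$helper" /etc/squid/.squid_users test test2
```

Run acl_is_enforced /etc/squid/squid.conf auth_users after editing the file; a non-zero exit status means no active http_access rule uses the ACL yet.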
Once you’re done with that, you must add some additional configuration to the Squid config file (/etc/squid/squid.conf).
Search for "and finally deny"; it will take you to the piece of code below.
Change the piece of code above to the piece of code below, from deny all to allow all.
Once that’s done, search for http_access deny to_localhost; it will take you to the piece of code below.
Now copy that code and paste it below, and it should look like this:
Remember not to include the # sign when you are pasting the code.
CLIENT SIDE SETTINGS OF THE PROXY
Now we have to configure the client side to use the proxy settings so that all traffic is forwarded to the proxy server before reaching the internet. There are two methods you can use to configure the proxy settings. For the first, go to the search bar as shown below, type internet options and press Enter.
In Internet Properties, click on Connections in the top tabs and other options will appear.
Click on the local area network tab and you will be taken to the local area network settings panel as shown below.
In the proxy server section, tick the checkboxes as shown below and enter the details of your proxy server and the default port that Squid listens on, which is port 3128.
Note: the IP address will be different but the port number will be the same.
The second method is simpler and more straightforward. As usual, go to the search bar, this time search for proxy settings, and press Enter.
Next, an automatic proxy setup tab will open up. Scroll down and start setting up the proxy settings under manual proxy setup.
Under manual proxy setup, toggle the "use a proxy server" button from left to right to activate the settings options as shown below.
Next, fill in the address and port sections, then click save.
Note: the IP address will be different depending on your proxy server IP, but the port will be the same, 3128.
When you authenticate properly and try to access the internet, you will be requested to authenticate to access the web.