Using a personal proxy server can be helpful for a variety of reasons, such as:
- Performance – network speed and bandwidth
- Security – filtering and monitoring
- Debugging – to trace activity
Here are some simple steps to get you started, obviously you will need to further “harden” security to make it production ready!
sudo apt-get install squid3
cd /etc/squid3/
sudo mv squid.conf squid.orig
sudo vi squid.conf
NOTE: the following configuration works, but will likely need to be adapted for your specific usage.
http_port 3128
visible_hostname proxy.EXAMPLE.com
auth_param digest program /usr/lib/squid3/digest_file_auth -c /etc/squid3/passwords
#auth_param digest program /usr/lib/squid3/digest_pw_auth -c /etc/squid3/passwords
auth_param digest realm proxy
auth_param basic credentialsttl 4 hours
acl authenticated proxy_auth REQUIRED
acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
#acl SSL_ports port 443
#http_access deny to_localhost
#http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow authenticated
via on
forwarded_for transparent
Create the users and passwords:
sudo apt-get install apache2-utils (required for htdigest)
sudo htdigest -c /etc/squid3/passwords proxy user1
sudo htdigest /etc/squid3/passwords proxy user2
Open up firewall port (if enabled):
sudo ufw allow 3128
Restart the server and tail the logs:
sudo service squid3 restart
sudo tail -f /var/log/squid3/access.log
OTHER FILE LOCATIONS:
/var/spool/squid3
/etc/squid3
MONITORING with Splunk…
sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/squid3/access.log -index main -sourcetype Squid3
sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/squid3/cache.log -index main -sourcetype Squid3
REFERENCES:
- https://help.ubuntu.com/lts/serverguide/squid.html
- https://help.ubuntu.com/12.04/serverguide/squid.html
- https://www.digitalocean.com/community/tutorials/how-to-install-squid-proxy-on-ubuntu-12-10-x64
- http://dabase.com/blog/Minimal_squid3_proxy_configuration/
- https://www.linode.com/docs/networking/squid/squid-http-proxy-ubuntu-12-04
- http://www.tecmint.com/install-squid-in-ubuntu/
- http://www.debianhelp.org/node/1713
- http://nikhgupta.com/code/setting-up-anonymous-proxy-with-squid/
- http://blog.garoevans.com/2013/11/28/anonymous-web-proxy-with-squid-on-ubuntu/
http://wiki.alpinelinux.org/wiki/Setting_up_Explicit_Squid_Proxy- http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
- http://www.liquidweb.com/kb/how-to-install-squid-caching-proxy-on-ubuntu-14-04-lts/
- http://rathinavneet.blogspot.com/2012/12/set-up-squid-proxy-minimum.html
- http://dabase.com/blog/Minimal_squid3_proxy_configuration/