Tuesday, August 25, 2009

Setting Up an HTTP Proxy Server with Authentication and Filtering

Install Squid with:
CODE
$ sudo apt-get install squid

Configure Squid by opening /etc/squid/squid.conf in your favorite text editor. In the configuration file, search for the following directives and modify them (or add them, if they don't exist) as follows:

http_port 3128 - The port Squid will listen on for connections. If your system has two or more interfaces, you can specify which IP address to use. E.g.: http_port 192.168.0.1:3128

http_access deny all - Search for it in the config file, uncomment it (remove the # in front), and replace deny with allow so it becomes http_access allow all. With this setting, any client that can reach the port can use the proxy.

Restart the Squid proxy with:
CODE
$ sudo /etc/init.d/squid restart

Now you should have a fully functional HTTP proxy. To try it out, open a browser, open its preferences dialog and go to proxy settings. Here, enter the IP address of the machine running Squid and the port set in squid.conf. Now load a webpage.

SETTING UP SQUID AUTHENTICATION AND WEB FILTERING

This section will allow you to set up a web site filter for kids. The first time an address is entered in the browser's address bar, an authentication dialog will pop up, prompting for a username and password. We will set up two usernames, one with full and another with restricted access.

First, open /etc/squid/squid.conf and add the following line in the auth_param section:

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd

Now create the user accounts using htpasswd (use -c only for the first user):
CODE
$ sudo htpasswd -c /etc/squid/passwd dad
Enter a password for user 'dad':
Again:

$ sudo htpasswd /etc/squid/passwd kid
Another password:
Again:

Create the ACLs by adding the following lines in the ACCESS CONTROLS (acl) section of squid.conf:
CODE
acl dadUser proxy_auth dad
acl kidUser proxy_auth kid
acl whitelist dstdomain "/etc/squid/whitelist"
http_access allow dadUser
http_access allow kidUser whitelist

Create the whitelist by opening a text editor and adding the allowed domains, one per line (the leading dot also matches subdomains), like this:
.google.com
.kids-play.com
.yahoo.com
.msn.com

Save it as /etc/squid/whitelist.

Finally, search for http_access allow all in the Squid config file and modify it so it looks like this:
http_access deny all

This is what my Squid config sections look like:
CODE
# NETWORK OPTIONS
# Squid normally listens to port 3128
http_port 192.168.0.1:3128

# TAG: auth_param
#Recommended minimum configuration per scheme:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd

# ACCESS CONTROLS
# TAG: acl
acl dadUser proxy_auth dad
acl kidUser proxy_auth kid
acl whitelist dstdomain "/etc/squid/whitelist"
http_access allow dadUser
http_access allow kidUser whitelist

# TAG: http_access
# And finally deny all other access to this proxy
http_access deny all

Use deny all for Squid with authentication, and allow all for the basic Squid configuration.
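
The order of the http_access lines matters because Squid stops at the first line whose ACLs all match. The Python model below is an added illustration, not part of the original post and not Squid code; it evaluates the rules from this page, and the variant where the earlier http_access allow all is left in place, in simplified form. The names evaluate, dstdomain_match, PAGE_RULES and LEFTOVER_ALLOW_ALL are made up for this example.

```python
# Added illustration: a simplified model of how Squid evaluates the
# http_access rules from this page. It is not Squid code.

# Constructed copy of /etc/squid/whitelist from the post.
WHITELIST = [".google.com", ".kids-play.com", ".yahoo.com", ".msn.com"]
PROXY_AUTH = {"dadUser": "dad", "kidUser": "kid"}  # acl name -> username

# Rules in file order: (action, ACL names that must ALL match).
PAGE_RULES = [("allow", ["dadUser"]),
              ("allow", ["kidUser", "whitelist"]),
              ("deny", ["all"])]
# Same rules with the early "http_access allow all" left in place.
LEFTOVER_ALLOW_ALL = [("allow", ["all"])] + PAGE_RULES


def dstdomain_match(host, patterns):
    """'.example.com' matches example.com and every subdomain of it."""
    host = host.lower().rstrip(".")
    for pat in patterns:
        pat = pat.lower()
        if pat.startswith("."):
            if host == pat[1:] or host.endswith(pat):
                return True
        elif host == pat:
            return True
    return False


def evaluate(rules, user, host):
    """Return 'allow', 'deny' or 'challenge' (407, credentials needed)."""
    for action, acls in rules:
        matched = True
        for acl in acls:
            if acl in PROXY_AUTH:
                if user is None:
                    return "challenge"  # proxy_auth ACL reached, no login yet
                ok = user == PROXY_AUTH[acl]
            elif acl == "whitelist":
                ok = dstdomain_match(host, WHITELIST)
            else:  # "all"
                ok = True
            if not ok:
                matched = False
                break
        if matched:
            return action  # first matching rule wins
    # No rule matched: Squid applies the opposite of the last rule.
    return "deny" if rules[-1][0] == "allow" else "allow"
```

With PAGE_RULES, a request without credentials gets the login prompt and kid is held to the whitelist; with LEFTOVER_ALLOW_ALL every request is allowed before any authentication ACL is reached.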
