Configuring Squid proxy server to require user authentication

This is one of those blog posts that is really just a mental note for myself in case I ever have to come back and find it again.  Our company has some old legacy client-server applications that are now being required to connect to our new web services.   As part of our development, one of the requirements was to make sure that the applications could reach our web services by way of a proxy server both with and without user authentication.

I temporarily set up my laptop with Squid proxy server for the Power Builder developers to test their applications through.  It is a sweet little proxy server and I had it running withing just a matter of a few minutes.  By default, it does not enable user authentication.  After a bit of tinkering with it, I was able to easily add it.    Here are the steps I took:

(NOTE:  In Debian/Ubuntu, you will want to use sudo for all of the following)

First, we need to create an passwd file to use as our ACL, and give it the appropriate permissions

#touch /etc/squid/squid-passwd
#chmod o+r /etc/squid/squid_passwd

Now we will add our first user to the ACL.  If you do not have the passwd command available, it can be added from a number of packages, including “apache2-utils”

#htpasswd /etc/squid/squid-passwd jdoe
New password:
Re-type new password:
Adding password for user jdoe

Now we need to edit our /etc/squid/squid.conf file.  In the auth_param section, you need to add:

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid-passwd

In the ACL section, you need to add:

acl ncsa_users proxy_auth REQUIRED

In the http_access section, you need to add:

http_access allow ncsa_users

Now, you need to restart the Squid service and any future connections will force the client to use a username and password.