Install a SQUID anonymous proxy – gists · GitHub
Install SQUID
Create an user
htpasswd -md /etc/squid3/users myuserlogin`
Configure
Edit the file /etc/squid3/:
vi /etc/squid3/
Add or Replace:
# The command for the external authenticator
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/users
# The maximum number of authenticator processes to spawn
auth_param basic children 2
# Text the user will see when he will log in
auth_param basic realm Hello
# Specifies how long squid assumes an externally validated username:password pair is valid for
auth_param basic credentialsttl 4 hours
# Autorize an IP Adress range
acl ip_authorized_1 src x. x. x-x. x
_access allow authenticated ip_authorized_1
Anonymize (Configure next)
header_access Allow allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Type allow all
header_access Date allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Last-Modified allow all
header_access Location allow all
header_access Pragma allow all
header_access Accept allow all
header_access Accept-Enncoding allow all
header_access Accept-Language allow all
header_access Content-Language allow all
header_access Mime-Version allow all
header_access Cookie allow all
header_access Set_Cookie allow all
header_access Retry-After allow all
header_access Title allow all
header_access Connection allow all
header_access Proxy-Connection allow all
header_access All deny all
via off
forwarded_for delete
Only the two last line are very very important (and usefull):
Headers with proxies
{
“Host”: “”,
“Accept”: “text/html, application/xhtml+xml, application/xml;q=0. 9, image/webp, */*;q=0. 8”,
“User-Agent”: “Mozilla/5. 0 (X11; Linux x86_64) AppleWebKit/537. 36 (KHTML, like Gecko) Ubuntu Chromium/38. 0. 2125. 111 Chrome/38. 111 Safari/537. 36”,
“Accept-Encoding”: “gzip, deflate, sdch”,
“Accept-Language”: “fr-FR, fr;q=0. 8, en-US;q=0. 6, en;q=0. 4”,
“Cache-Control”: “max-age=0”,
“Connection”: “keep-alive”}
Headers without
“Connection”: “keep-alive”,
“Accept-Language”: “fr-FR, fr;q=0. 4”}
Bonus. Multiple IP for the same installation:
acl ip1 myip
acl ip2 myip
acl ip3 myip
tcp_outgoing_address ip1
tcp_outgoing_address ip2
tcp_outgoing_address ip3
Thanks to:
Inline SQUID Doc
Anonymous Web Proxy With Squid on Ubuntu – Gareth Evans
The Problem
I was doing a little bit of testing on a web app earlier today and I wanted to be able to switch my IP easily. I’d never used a web proxy before, I’ve never had the need to.
First I found some free proxy listings on sites like HIDE MY ASS, these give you an IP address and port to connect to from your browser. This did the trick but I felt a little vulnerable going through some random proxy. This wasn’t the solution for me.
Then I found Squid. This solved all my problems in one beautiful move, all I needed was a box somewhere to do my dirty work (luckily I have a very reasonable droplet at Digital Ocean) and the following setup.
The Solution
1. Install the Squid server on Ubuntu 12. 04
sudo apt-get install squid
2. Make a backup of the config file before you mess it up:)
sudo cp /etc/squid3/ /etc/squid3/
sudo chmod a-w /etc/squid3/
For the next few steps I’m going to use some pretend IPs for the purpose of this post. Let’s say my home IP address (where I’m using my browser) is “1. 2. 3. 4” and my server’s IP address is “11. 22. 33. 44”.
3. Add some Squid config lines to allow access from your home machine
acl home src 1. 4/24
_access allow home
The first line needs to come first:) and is best kept with the other default acl config lines. The second line needs to come before the default deny from all _access deny all.
4. Restart Squid
sudo /etc/init. d/squid3 restart
You can now test your proxy. Open your browser and set your proxy configuration. There are lots of tutorials around for this sort of thing, if using Chrome you can follow a handy tutorial; set the IP to “11. 44” (your proxy server) and the port to “3128” (default port for Squid) unless you change the port in the squid config. If you visit a site like you should see the IP as “11. 44”. You may also notice that it has recognised you using a proxy and says that this is via “1. 4”.
Top Tip: do you use a firewall? Make sure port 3128 is open for incoming traffic.
5. Make it Anonymous, add the following to the bottom of your config
acl ip1 myip 11. 44
tcp_outgoing_address 11. 44 ip1
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
The first two lines tell squid that any connection coming in on “11. 44” should have an outgoing IP of “11. You can set your outgoing to whatever you like.
6. Restart Squid (see point 4)
And we’re done. You’re proxy server is now set up safely and anonymously. You can add incoming IPs so that you can access it from other locations and configure it to your hearts content.
And More
To make life even easier, using Chrome I added the Proxy Switchy! extension. This allows me to save as many proxy profiles as I like to easily switch between.
Setup a Private Anonymous Proxy server Squid – arstech
Setup a Private Anonymous Proxy server Squid
Update System
# apt-get update
# apt-get upgrade
Installng Squid3 pakage
# apt-get install squid3 squid3-common
Edit Squid configuration file:
# vi /etc/squid3/
To allow the access to Squid proxy only from your IP, find and uncomment next line and put your IP or your IP range:
acl localnet src Your_IP
Add also the lines:
_access allow localnet
_access allow localhost
You can change standard proxy port 3128
_port 3128
For HTTP anonymous browsing add next instructions to end of /etc/squid3/ file:
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
And finally restart squid:
# service squid3 restart
Do not forget configure your browser proxy settings for using your new proxy server.
Use the IP and 3128 port of your proxy.
Note: HTTPS sites will NOT work in this Anonymous setup