How to Setup Squid Proxy Authentication using LDAP (Steps)

In this post, we introduce Squid and LDAP, and then walk through setting up Squid proxy authentication using LDAP.

Both Squid Proxy and LDAP are familiar terms to IT professionals, since both are extensively used in server administration and networking. Squid Proxy is primarily used to reduce bandwidth usage, block access to malicious content, and improve performance. LDAP, on the other hand, offers centralized authentication and authorization and is typically used in networks with multiple users and resources.

Shall we start with How to Setup Squid Proxy Authentication using LDAP?

What is Squid Proxy?

Squid Proxy is a powerful open source caching and forwarding web proxy server used by professionals to enhance web performance. Squid was initially designed to improve web performance by caching frequently accessed web pages and images. It is a server program that works as a mediator between clients and servers over a computer network.

For companies that need to increase the speed and security of their websites, Squid Proxy is the perfect option. You can even use the proxy server to block malicious requests and filter web content.

How does Squid Proxy work?

First, Squid must be set up either on the web server or on another computer. It acts as a middleman that sends the client’s request to the server. Every time a request is sent, Squid saves a copy of the requested object so that it can respond faster to future requests. As a result, for a cached object the time otherwise spent forwarding the request to the web server and waiting for the web server to return the object to the proxy server is zero, which makes the response quick.

Benefits of Squid Proxy

Squid Proxy offers the following benefits:

  • Delivers fast web browsing experience: supports web caching, i.e., the process of handling repeated requests internally rather than sending them to the source, which speeds up a web server and reduces network traffic.
  • Improved network security: prevents access to harmful or unwanted content by filtering incoming traffic. In fact, no external clients are able to pass through the proxy without permission.
  • Authentication: configure Squid to define an Access Control List that helps set permissions as to who accesses proxy resources.
  • Insightful Reports: produce reports that are used as data for resource allocation, scaling, and security.
  • Bandwidth optimization: spreads loads over intercommunicating hierarchies of proxy servers and restricts access to specific websites, which aids in quicker response times and traffic decongestion in the event of a traffic surge, saves bandwidth and improves overall network efficiency.

What is LDAP?

LDAP stands for Lightweight Directory Access Protocol, developed to access and manage directory services in a network. With the help of LDAP, users easily locate information about organizations and other resources. Apart from retrieving information about network resources, LDAP is also used for authentication and authorization.

Organizations use LDAP to store, control, and secure data about themselves, their users, and their assets. By offering a hierarchical structure of information, LDAP facilitates access to stored data and makes it simpler.

Using a server, LDAP enables clients to obtain directory information services. Similar to a file system, the server maintains knowledge about network resources in a hierarchical format. By sending server side queries, clients look up the information in the directory. The client then receives the desired data from the server.

Benefits of LDAP

LDAP offers the following benefits:

  • Better Security: uses encryption and authentication techniques to secure storage and data retrieval process from both internal and external threats.
  • Highly Scalable: ideal for networks of all sizes because of its great scalability.
  • Centralized Management: large networks are simpler to handle because LDAP offers a centralized location for storing and managing network resources.

We have arrived at the main part of the article: How to Setup Squid Proxy Authentication using LDAP.

How to Setup Squid Proxy Authentication using LDAP (Steps)

This section explores how to install Squid on Ubuntu and then set up authentication using LDAP.

Prerequisites

  • A server running Ubuntu 20.04 or 22.04.
  • A root user or a user with sudo privileges.

Update the System

Before starting, it is always a good idea to update the installed packages to the latest version. Update them with the apt command.

				
					apt update -y
					apt upgrade -y

				
			

Once all the system packages are updated, restart your system to implement the changes.

Install Squid Package

By default, the Squid package is available in the Ubuntu default package repository. Check it with the following command.

				
					apt-cache policy squid
				
			

See the Squid package information on the following screen.

Now, use the apt command to install the Squid package on your server.

				
					apt install squid -y
				
			

After the successful installation, verify the Squid version using the following command.

				
					squid --version
				
			

This shows you the Squid version on the following screen.

By default, Squid proxy listens on port 3128. To check it, run the following command.

				
					ss -antpl | grep squid

				
			

You should see the Squid port on the following screen.

Manage Squid Proxy Service

By default, the Squid proxy service is managed by systemd. You can start, stop, and check the status of the service using the systemctl command.

To start the Squid service, run the following command.

				
					systemctl start squid
				
			

If you want to enable the Squid service to start after the system reboots, run the following command.

				
					systemctl enable squid
				
			

To check the status of the Squid service, run the following command.

				
					systemctl status squid
				
			

You should see the Squid status on the following screen.

Configure Squid LDAP Authentication

Squid supports many authentication methods, including Samba, LDAP, and HTTP basic auth. In this article, we use the basic_ldap_auth helper (named squid_ldap_auth in older Squid releases) to authenticate Squid users with the username and password stored on the LDAP server.

First, open the Squid proxy main configuration file.

				
					nano /etc/squid/squid.conf
				
			

Add the following lines at the top of the file.

				
					auth_param basic program /usr/lib/squid/basic_ldap_auth -v 3 -b "dc=exampledomain,dc=com" -D uid=ldapuser,ou=People,dc=exampledomain,dc=com -w password -f uid=%s ldap.exampledomain.com

					acl ldap-auth proxy_auth REQUIRED

					http_access allow ldap-auth
					http_access allow localhost
					http_access deny all

				
			

Save and close the file when you are done. Then, restart the Squid service to implement the changes.

				
					systemctl restart squid
				
			

A brief explanation of each configuration is shown below:

  • /usr/lib/squid/basic_ldap_auth: Location of the LDAP auth helper.
  • exampledomain: Name of the LDAP domain.
  • ldapuser: Name of the LDAP user.
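
The configuration above passes the bind password on the helper's command line (-w) and contacts the LDAP server without TLS. The following check is an added example, not part of the original article: it flags both settings and verifies the http_access ordering, then shows the same policy using basic_ldap_auth's -W secretfile and -Z options. The finding codes and the secret file path are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article: audit the LDAP-auth lines of a squid.conf.
# Finding codes (BIND_PASSWORD_INLINE, ...) are this example's own naming.
audit_squid_ldap() {
    awk '
    /^[ \t]*#/ { next }                                # skip comment lines
    $1 == "auth_param" && $2 == "basic" && $3 == "program" && /basic_ldap_auth/ {
        helper = 1; tls = 0
        for (i = 5; i <= NF; i++) {
            if ($i == "-w") print "BIND_PASSWORD_INLINE"   # secret readable in config and ps output
            if ($i == "-Z" || $i ~ /^ldaps:\/\//) tls = 1  # StartTLS or an LDAPS URI
        }
        if (!tls) print "LDAP_CLEARTEXT"               # credentials cross the network unencrypted
    }
    $1 == "acl" && $3 == "proxy_auth" { authacl = 1 }
    $1 == "http_access" {
        last = $2 " " $3
        if ($2 == "allow" && $3 == "all") print "ALLOW_ALL"
    }
    END {
        if (!helper)  print "NO_LDAP_HELPER"
        if (!authacl) print "NO_PROXY_AUTH_ACL"
        if (last != "deny all") print "NO_FINAL_DENY"  # http_access is first-match; end closed
    }' "$@"
}

# Constructed sample 1: the configuration as given in this article.
article_conf() {
    cat <<'EOF'
auth_param basic program /usr/lib/squid/basic_ldap_auth -v 3 -b "dc=exampledomain,dc=com" -D uid=ldapuser,ou=People,dc=exampledomain,dc=com -w password -f uid=%s ldap.exampledomain.com
acl ldap-auth proxy_auth REQUIRED
http_access allow ldap-auth
http_access allow localhost
http_access deny all
EOF
}

# Constructed sample 2: same policy, bind secret read from a file (-W) and StartTLS (-Z).
# The secret file path is an assumption of this example.
hardened_conf() {
    article_conf | sed 's|-w password|-W /etc/squid/ldap_bind.secret -Z|'
}

echo "article:  $(article_conf  | audit_squid_ldap | tr '\n' ' ')"
echo "hardened: $(hardened_conf | audit_squid_ldap | tr '\n' ' ')"
```

To audit a live server, run audit_squid_ldap /etc/squid/squid.conf; an empty result means none of these checks fired.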

Configure Squid to Anonymize Traffic

Next, you need to configure Squid proxy to mask the client IP address. Do it by editing the Squid main configuration file.

				
					nano /etc/squid/squid.conf
				
			

Add the following configuration at the top of the file.

				
					forwarded_for off
					request_header_access Allow allow all
					request_header_access Authorization allow all
					request_header_access WWW-Authenticate allow all
					request_header_access Proxy-Authorization allow all
					request_header_access Proxy-Authenticate allow all
					request_header_access Cache-Control allow all
					request_header_access Content-Encoding allow all
					request_header_access Content-Length allow all
					request_header_access Content-Type allow all
					request_header_access Date allow all
					request_header_access Expires allow all
					request_header_access Host allow all
					request_header_access If-Modified-Since allow all
					request_header_access Last-Modified allow all
					request_header_access Location allow all
					request_header_access Pragma allow all
					request_header_access Accept allow all
					request_header_access Accept-Charset allow all
					request_header_access Accept-Encoding allow all
					request_header_access Accept-Language allow all
					request_header_access Content-Language allow all
					request_header_access Mime-Version allow all
					request_header_access Retry-After allow all
					request_header_access Title allow all
					request_header_access Connection allow all
					request_header_access Proxy-Connection allow all
					request_header_access User-Agent allow all
					request_header_access Cookie allow all
					request_header_access All deny all

				
			

Save and close the file, then restart the Squid service to implement the changes.

				
					systemctl restart squid
				
			

Configure Client Machine to Use Squid Proxy Server

At this point, the Squid proxy server is configured with LDAP authentication. Now it’s time to configure the web browser on the client machine to use the Squid proxy server. Follow the steps below to configure the proxy settings.

Open the Firefox web browser and go to preferences. See the following screen.

Scroll down the page and click Settings under Network Settings. You should see the proxy settings screen.

Provide your Squid proxy server IP address and port, then click the OK button to save the changes.

Verify Squid LDAP Authentication

At this point, your web browser is configured to access the internet via a proxy server. To verify it, open your web browser and type the URL https://whatismyipaddress.com. You will be asked to authenticate to the Squid proxy server.

Provide your LDAP username and password, then click the OK button. After successful authentication, the WhatisMyIPaddress page loads.

Thank you for reading the article How to Setup Squid Proxy Authentication using LDAP. We shall conclude it now.

How to Setup Squid Proxy Authentication using LDAP (Steps) Conclusion

In this post, we explained how to set up a Squid proxy server with LDAP authentication. Go ahead and use the LDAP server as a central authentication server for all client computers and track all users' browsing history via the Squid proxy. Lastly, Squid Proxy and LDAP are quite different: one is used for web traffic optimization, while the other is for accessing and managing directory services. Yet both of them are important technologies for IT professionals. Follow our guide above to understand how they benefit your organization and improve performance.

Hitesh Jethva

I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.
