Tutorial โ€ข March 20, 2025 โ€ข 15 min read

๐Ÿง  Understanding and Creating a Basic HTTP Proxy with Squid

Learn how to set up your own HTTP proxy server using Squid on a VPS. This comprehensive guide covers installation, authentication, security, and monitoring for a complete proxy solution.

Table of Contents

1. ๐Ÿงญ Introduction to Proxies

A proxy server acts as an intermediary between a client (like your web browser) and the rest of the internet. When you use a proxy, instead of going directly to a website, your request is sent to the proxy, which then forwards it to the destination server. The response comes back through the same path.

Think of it like sending a letter through a trusted middleman who opens the envelope, checks the contents, then sends it out โ€” optionally modifying, filtering, or caching the information.

2. ๐Ÿ™ What Is Squid Proxy?

Squid is a highly flexible, open-source proxy server primarily used for HTTP and HTTPS traffic. Originally designed for caching web requests to improve performance, it has evolved into a tool used for:

  • Access control (who can use the internet and how)
  • Privacy & Anonymity
  • Bandwidth shaping
  • Content filtering
  • Transparent proxying
  • Security enhancement

Squid supports various protocols including HTTP, HTTPS, FTP, and more. It is widely used in both corporate networks and individual use cases (like routing personal browsing through a VPS).

3. ๐Ÿงฌ How Squid Works: Internals and Flow

Here's a simplified flow of how Squid operates:

  1. Client sends a request to Squid (e.g., to access http://example.com)
  2. Squid checks its access control lists (ACLs) to determine if the request is allowed.
  3. If allowed, Squid forwards the request to the destination server.
  4. Squid receives the response and:
    • Caches it if eligible (based on headers like Cache-Control)
    • Returns the content to the client

Each request passes through a chain of rules defined in squid.conf, including optional authentication, IP filtering, logging, and caching.

4. ๐ŸŽฏ Use Cases for a Personal Squid Proxy

  • Masking Your IP: Traffic appears to come from your VPS instead of your local machine.
  • Bypassing Firewalls: Access websites blocked on your network.
  • Restricting Usage: Only allow certain sites or times.
  • Monitoring: See which sites are visited through logs.
  • Caching: Speed up repeated requests by storing web assets.

5. ๐Ÿ—๏ธ Overview of What We're Building

You'll set up a basic HTTP proxy on a remote VPS, which:

  • Listens on a public port (3128)
  • Requires username/password authentication
  • Forwards all allowed HTTP traffic to the destination
  • Lets you browse the web using the VPS's IP address

6. ๐Ÿ”ง Setting Up a Basic HTTP Proxy on a Remote VPS

Assumptions:

  • VPS running Ubuntu/Debian
  • You have sudo access
  • You want a simple, secure HTTP proxy with login

Step 1: Install Required Packages

sudo apt update && sudo apt install squid apache2-utils -y
  • squid: the actual proxy server
  • apache2-utils: includes htpasswd tool to generate hashed passwords

Step 2: Understand squid.conf

Squid is configured through a single file:

/etc/squid/squid.conf

This file uses a rule-based system. Each line defines:

  • What requests are allowed
  • Who is allowed
  • Whether caching is used
  • Which ports Squid listens on

Important Concepts:

  • ACLs (Access Control Lists) define categories (like IPs or users)
  • http_access rules apply those ACLs to allow/deny requests

Step 3: Backup and Edit the Config

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
sudo nano /etc/squid/squid.conf

Replace the contents with this minimal authenticated proxy config:

http_port 3128

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm Squid Proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

http_access deny all

Explanation:

  • http_port 3128: Squid listens on this port for HTTP proxy requests
  • auth_param: Defines how authentication works using NCSA passwords
  • acl authenticated proxy_auth REQUIRED: Defines an access rule requiring a valid login
  • http_access allow authenticated: Allows users matching the above rule
  • http_access deny all: Denies everything else

7. ๐Ÿ” Enabling Username & Password Authentication

Step 4: Create User Credentials

Use htpasswd to create a password file:

sudo htpasswd -c /etc/squid/passwd proxyuser

Enter your password when prompted.

To add more users later, omit -c:

sudo htpasswd /etc/squid/passwd anotheruser

Step 5: Restart Squid

sudo systemctl restart squid
sudo systemctl enable squid

Step 6: Open Port 3128 in Your Firewall

If you use ufw:

sudo ufw allow 3128/tcp

Also, check cloud firewall rules in your VPS provider's dashboard.

8. ๐ŸŒ Connecting to the Proxy

Step 7: Get Your VPS IP Address

Run:

curl ifconfig.me

You'll get something like:

203.0.113.45

This is the IP your proxy will expose to the web.

Step 8: Configure Your Client

You can use:

  • System proxy settings
  • Browser proxy settings (e.g., Firefox)
  • Proxy-aware tools like curl or Proxifier

Use these values:

  • Proxy IP: 203.0.113.45
  • Port: 3128
  • Username: proxyuser
  • Password: yourpassword

Example test with curl:

curl -x http://proxyuser:yourpassword@203.0.113.45:3128 https://ipinfo.io/ip

If successful, you'll see the VPS IP in the output.

9. ๐Ÿ›ก๏ธ Security Considerations

Important Security Notes

  • Use Strong Passwords: Weak logins can be brute-forced.
  • Change Default Ports: Move from 3128 to something obscure.
  • IP Whitelisting: Allow access only from known client IPs:
acl myclient src YOUR.CLIENT.IP
http_access allow myclient authenticated
  • No HTTPS: This basic config only supports HTTP proxying. HTTPS proxy support (i.e., CONNECT method or SSL bumping) requires more advanced setup.
  • Logging: Logs can be found here:
/var/log/squid/access.log

10. ๐Ÿ“ˆ Monitoring Usage

Use:

sudo tail -f /var/log/squid/access.log

To see real-time proxy requests.

Or:

cat /var/log/squid/access.log | grep proxyuser

To view usage per user.

11. ๐Ÿงพ Summary and Next Steps

You now have a fully functional, authenticated HTTP proxy server using Squid, running on a VPS.

What you've learned:

  • What Squid is and how it works
  • How to install and configure a basic proxy
  • How to add login protection
  • How to test and verify traffic routing through your proxy
  • How to log and monitor usage

โž• Want More?

Consider exploring these advanced topics:

  • HTTPS proxy support with SSL bumping
  • Advanced access control with custom ACLs
  • Content filtering and parental controls
  • Load balancing with multiple proxy servers
  • Integration with authentication systems like LDAP