Setting up a quick Username/Password Proxy using Squid and AWS
I’m currently working on a project that requires web monitoring from a ZA (South Africa) IP. While subscribing to a proxy service that offers ZA IPs is one approach, I discovered that obtaining a reliable single IP proxy from South Africa was surprisingly challenging. After extensive research and troubleshooting, I decided to host my own solution using AWS.
- It’s worth noting that although this guide focuses on a South African IP, the same process can easily be adapted for other regions.
Enabling the South Africa AWS Data Center
The first step involves enabling the South Africa data center in your AWS account. This process can take several hours, so it’s advisable to initiate this step in advance. I recommend starting this process the night before to ensure everything is ready for the next day.
Creating an EC2 Instance and Assigning an Elastic IP
Once the South Africa region is enabled, the next step is to create an EC2 instance in this region and allocate an Elastic IP. This will allow you to maintain a consistent IP address for your web monitoring tasks.
Allocating an Elastic IP Address
This part of the process is straightforward. Follow these steps to allocate an Elastic IP:
- Navigate to the EC2 Dashboard in the AWS Management Console.
- On the left-hand menu, select Elastic IPs.
- Click Allocate Elastic IP Address to reserve a static IP address for your instance.
Once the Elastic IP is allocated, you’re ready to proceed with launching your EC2 instance.
Launching an EC2 Instance
- Return to the EC2 Dashboard.
- Click Launch Instance and follow the guided setup to configure your new virtual server in the South African region.
Configuring Your EC2 Instance and Network Settings
For this setup, I’ll be using Ubuntu 24.04, which was the latest version at the time of writing.
- Instance Type: Choose t3.micro.
- Key Pair: Since I won’t be using SSH frequently, I decided to proceed without a key pair. For occasional access, I’ll use the AWS portal to connect directly.
Next, let’s configure the network settings for the EC2 instance.
- Port 3128: We’ll use this port for proxy services. Since our proxy won’t require web traffic, you can safely skip enabling Allow HTTP traffic from the internet and Allow HTTPS traffic from the internet.
For now, configure the security group to allow SSH traffic from anywhere. This temporary access will allow us to complete the initial setup. Once the proxy is set up, we will remove SSH access to strengthen security.
With that configuration sorted out, launch the instance.
Initializing and Connecting to the Instance
Once you’ve launched the instance, it will take a few minutes to initialize — usually around 5 minutes.
When the instance status changes to “running” and it’s ready, you can connect to it. Since I’m not using SSH for frequent access, I’ll be connecting through the AWS web portal:
- Navigate to the EC2 Dashboard.
- Select your instance from the list.
- Click Connect at the top of the screen.
- Choose the EC2 Instance Connect option and then click Connect again to access the instance directly through your browser.
This method provides a quick and convenient way to manage the instance without needing to set up an SSH client.
Installing Squid and Configuring the Proxy
Once you’re logged into your EC2 instance, the next step is to install Squid and Apache2-utils. Squid will serve as the proxy server, while Apache2-utils will handle authentication.
- Update the package list, install the packages, and open the port:
sudo apt update
sudo apt -y install squid
sudo apt -y install apache2-utils
sudo ufw allow 3128
systemctl status squid.service
Here’s what each command does:
- sudo apt update: Updates the package list to ensure you’re installing the latest versions.
- sudo apt -y install squid: Installs Squid, which will act as the proxy server.
- sudo apt -y install apache2-utils: Installs Apache2-utils, which will be used for setting up authentication.
- sudo ufw allow 3128: Configures the firewall to allow traffic on port 3128, the port Squid uses for proxy services.
- systemctl status squid.service: Checks the status of the Squid service to confirm that it’s running properly.
After running these commands, the output of systemctl status squid.service should show the service as active and running:
systemctl status squid.service
● squid.service - Squid Web Proxy Server
Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; preset: enabled)
Active: active (running) since Sun 2024-09-08 13:04:04 UTC; 14min ago
Docs: man:squid(8)
Configuring Squid
Now that Squid is installed, the next step is to configure it to meet your requirements. The configuration file for Squid contains many options, most of which are commented out (disabled by default). You’ll need to modify a few key sections to allow access to your proxy.
Open the Squid configuration file using vim:
sudo vim /etc/squid/squid.conf
Navigating the Squid Configuration File: Be aware that Squid’s default configuration file is quite extensive, and many settings are temporarily disabled by a # symbol at the beginning of the line. You’ll need to search through this large file to find the specific sections that require modification.
Searching in vim: To search within the file in vim, press the / key, followed by the keyword you’re looking for. For example, to find the section that allows access, type:
/INSERT
Then press Enter. This will take you directly to the relevant part of the file.
Modifying the Access Rules: Once you’ve located the following section:
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
include /etc/squid/conf.d/*.conf
...
# And finally deny all other access to this proxy
Replace it with the following updated rules:
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
include /etc/squid/conf.d/*.conf
# Define the basic authentication parameters
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
# Define an access control list (ACL) for authenticated users
acl authenticated_users proxy_auth REQUIRED
# Allow access for authenticated users only
http_access allow authenticated_users
# Allow localhost (the server running the proxy)
http_access allow localhost
# Deny all other access
http_access deny all
Here’s a breakdown of what these changes do:
- auth_param basic program: Defines the authentication method using basic_ncsa_auth and points to the password file where credentials will be stored.
- auth_param basic realm: Sets the authentication realm, which will be displayed in the login prompt (in this case, it’s labeled as proxy).
- acl authenticated_users proxy_auth REQUIRED: Creates an Access Control List (ACL) that only allows authenticated users.
- http_access allow authenticated_users: Grants access to authenticated users.
- http_access allow localhost: Ensures that the proxy server itself (localhost) has access.
- http_access deny all: Denies all other access to the proxy for security purposes.
These changes will help ensure that only users with valid credentials can use your proxy while blocking unauthorized access.
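A quick way to confirm the rule order does what is intended, added here as an example and not part of the original guide: Squid applies the first http_access rule that matches, so the script below lists every active allow rule that names no proxy_auth ACL. The function name and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: list active "http_access allow" rules that name no
# proxy_auth ACL. Squid stops at the first matching http_access rule.
# Files pulled in by "include" are not followed.
unauth_allow_rules() {
    awk '
        /^[[:space:]]*#/ { next }                     # commented-out line
        $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1; next }
        # nothing after a bare "deny all" can match, so stop there
        $1 == "http_access" && $2 == "deny" && $3 == "all" && NF == 3 { exit }
        $1 == "http_access" && $2 == "allow" {
            needs_auth = 0
            for (i = 3; i <= NF; i++) if ($i in auth) needs_auth = 1
            if (!needs_auth) print NR ": " $0
        }
    ' "$1"
}

# Constructed sample 1: the rules shown in this guide.
GUIDE_CONF=$(mktemp)
cat > "$GUIDE_CONF" <<'EOF'
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
acl authenticated_users proxy_auth REQUIRED
http_access allow authenticated_users
http_access allow localhost
http_access deny all
EOF

# Constructed sample 2: a localnet rule left active above the auth rule.
OPEN_CONF=$(mktemp)
cat > "$OPEN_CONF" <<'EOF'
acl localnet src 10.0.0.0/8
acl authenticated_users proxy_auth REQUIRED
http_access allow localnet
http_access allow authenticated_users
http_access deny all
EOF
trap 'rm -f "$GUIDE_CONF" "$OPEN_CONF"' EXIT

echo "guide config:"; unauth_allow_rules "$GUIDE_CONF"
echo "open config:";  unauth_allow_rules "$OPEN_CONF"
```

On the server, run the function against /etc/squid/squid.conf. An entry for localhost is expected; an entry for localnet or all means clients matching that ACL get through without credentials.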
Setting Up Authentication for Squid
Now that we’ve configured Squid to require authentication, the next step is to create a user and set up credentials for access.
Create a password file for your Squid proxy using the htpasswd command:
sudo htpasswd -c /etc/squid/passwords your_squid_username
- Replace your_squid_username with your desired username. After pressing Enter, you’ll be prompted to enter a password and confirm it. Keep in mind that while typing the password, nothing will be displayed on the terminal for security reasons.
Verify the credentials:
- To double-check that the user and password were created correctly, view the contents of the password file:
sudo cat /etc/squid/passwords
The output should look something like this:
user:$ALSDASKDHJPQWjasopidjalkwjodspij
This confirms that the credentials have been stored correctly. The password is stored as a hash, so it will not look the same as the one you typed.
Restart the Squid service to apply the changes:
sudo systemctl restart squid.service
Check the status of the Squid service to ensure it’s running properly:
systemctl status squid.service
The output should show that the service is active and running, similar to this:
● squid.service - Squid Web Proxy Server
Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; preset: enabled)
Active: active (running) since Sun 2024-09-08 13:04:04 UTC; 14min ago
Docs: man:squid(8)
At this point, Squid should be fully configured and running with basic authentication.
Updating AWS Security Group to Allow Port 3128
Before testing the proxy, we need to ensure that AWS is configured to allow traffic on port 3128, the port that Squid uses for proxy services. Here’s how you can update the security group rules in AWS:
- Navigate to the EC2 Dashboard in the AWS Management Console.
- In the left-hand menu, under Network & Security, click on Security Groups.
- Find the security group associated with your EC2 instance. You can identify it by looking at the Instance details or selecting the instance and finding its security group under Security in the instance summary.
- Edit inbound rules:
  - Select your security group and click Edit inbound rules.
  - Click Add Rule.
- Configure the new rule:
  - Type: Custom TCP Rule
  - Port range: 3128
  - Source: Choose an appropriate range, such as Anywhere (0.0.0.0/0), or restrict it to specific IPs for security purposes.
- Click Save rules to apply the changes.
Now AWS will allow traffic on port 3128.
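If the source is left as Anywhere, Squid’s access log shows who is trying the proxy. The following added example (not from the original guide) counts TCP_DENIED/407 responses per client address in Squid’s native log format; the function name, threshold and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise failed proxy authentication per client from a
# Squid access log in the native format (field 3 = client address,
# field 4 = result/status, field 8 = authenticated user or "-").
# auth_failures LOG MIN prints "client denied=N authed=M" for every
# client with at least MIN TCP_DENIED/407 responses.
auth_failures() {
    awk -v min="$2" '
        NF < 8 { next }                                # malformed line
        $4 == "TCP_DENIED/407" { denied[$3]++; next }
        $8 != "-" { authed[$3]++ }                     # request served to a logged-in user
        END {
            for (ip in denied)
                if (denied[ip] >= min)
                    printf "%s denied=%d authed=%d\n", ip, denied[ip], authed[ip]
        }
    ' "$1" | sort
}

# Constructed sample log (documentation-range addresses).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
1725800101.101      0 198.51.100.7 TCP_DENIED/407 4120 GET http://example.com/ - HIER_NONE/- text/html
1725800101.350     85 198.51.100.7 TCP_MISS/200 1530 GET http://example.com/ monitor HIER_DIRECT/192.0.2.10 text/html
1725800200.010      0 203.0.113.50 TCP_DENIED/407 4120 CONNECT example.org:443 - HIER_NONE/- text/html
1725800200.420      0 203.0.113.50 TCP_DENIED/407 4120 CONNECT example.org:443 - HIER_NONE/- text/html
1725800200.910      0 203.0.113.50 TCP_DENIED/407 4120 CONNECT example.org:443 - HIER_NONE/- text/html
1725800201.330      0 203.0.113.50 TCP_DENIED/407 4120 CONNECT example.org:443 - HIER_NONE/- text/html
EOF

# A single 407 is the normal challenge; a run of them with no
# authenticated request from the same address is worth a closer look.
auth_failures "$SAMPLE_LOG" 3
```

On Ubuntu the log to pass in is /var/log/squid/access.log, read with sudo.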
Testing the Proxy Connection
Now that everything is set up, you should be able to connect to the proxy using your local computer. One quick way to test this is by using curl to send a request through the proxy.
To test the proxy with authentication, you can use the following command in your terminal:
curl -v -x http://your_squid_username:your_squid_password@your_server_ip:3128 http://www.google.com/
A request sent through the proxy to an IP lookup service (the sample response below comes from ipinfo.io) should report the instance’s South African address:
{
"ip": "123.456.789.123",
"hostname": "af-south-1.compute.amazonaws.com",
"city": "Cape Town",
"region": "Western Cape",
"country": "ZA",
"loc": "-33.9258,18.4232",
"org": "AS16509 Amazon.com, Inc.",
"postal": "7945",
"timezone": "Africa/Johannesburg",
"readme": "https://ipinfo.io/missingauth"
}