Simple, Authenticated Squid Proxy on CentOS 6

Simple, authenticated proxy for BT use. Does not handle SSL (https) traffic. This squid.conf was modded for CentOS 6: Oct 22 2013

  1. Install Squid: $ yum install squid

  2. Create the passwd file: $ htpasswd -c /etc/squid/passwd USERNAME [PASSWORD]

  3. Use only these settings in /etc/squid/squid.conf:

    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
    auth_param basic utf8 on
    auth_param basic children 5
    auth_param basic realm Squid Proxy Authentication
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive on
    acl CONNECT method CONNECT
    acl authenticated proxy_auth REQUIRED
    http_access allow authenticated
    http_access deny all
    http_port 4040
    dns_v4_first on # This handles the TCP_MISS/503 errors
    via off
    forwarded_for transparent # or “delete” if you want to drop it even when the client sends it

  4. Reload squid:

    $ service squid restart

Note that the Via and X-Forwarded-For headers are never added, but X-Forwarded-For is preserved if it’s sent by the client. If you want to always drop that header, you need to change forwarded_for to delete. And, if necessary open the port in /etc/iptables.rules:

-A INPUT -p tcp -m tcp --dport 4040 -j ACCEPT

QTorrent/Bittorrent client setting to use the Squid proxy

Go to: Tools | Options | Connection Under “Proxy Server” Type: HTTP Host: IP address of Proxy Port: 4040 (defined above)
Authentication: checked Username and Password (defined above in “htpasswd”)

    • *Ref: