In this tutorials, how to install Squid Proxy with Auth on AlmaLinux 10.
What is Squid Proxy?
Squid is a powerful caching and forwarding proxy widely used for secure web filtering, performance optimization, and controlled internet access. On AlmaLinux 10, Squid works smoothly with modern authentication methods, making it reliable for both personal and production environments.
In this guide, we install Squid, enable user authentication, tighten the configuration, and test the service step by step.
Prerequisites
Before we begin, ensure we have the following:
- An AlmaLinux 10 dedicate server or KVM VPS.
- Basic Linux Command Line Knowledge.
How to Install Squid Proxy with Auth on AlmaLinux 10
Step 1: Update System Packages
Keeping packages updated helps our proxy run on the latest stable base.
sudo dnf update -y
Step 2: Install Squid
AlmaLinux 10 provides the latest stable Squid package from official repositories.
sudo dnf install squid -y
Start and enable Squid service
sudo systemctl enable --now squid
After installation, Squid runs automatically. We verify the status:
sudo systemctl status squid
Step 3: Install httpd-tools for htpasswd Authentication
We need the htpasswd utility to create secure user accounts.
sudo dnf install httpd-tools -y
Step 4: Create Authentication Password File
We create a dedicated directory to store credentials securely.
sudo mkdir -p /etc/squid/auth
sudo htpasswd -c /etc/squid/auth/squid_users username1
The command will prompt for a password and store it in encrypted form.
To add more users later, we omit -c:
sudo htpasswd /etc/squid/auth/squid_users username2
Step 5: Configure Squid for Authentication
We edit Squid’s main configuration file.
sudo nano /etc/squid/squid.conf
Find and replace following variables (Or your can take backup or existing squid.conf file, remove it and and create same file with following content):
#############################################################
# PORT
#############################################################
http_port 3128
#############################################################
# DEFAULT ACLs (KEEP THEM FIRST)
#############################################################
acl localnet src 0.0.0.1-0.255.255.255
acl localnet src 10.0.0.0/8
acl localnet src 100.64.0.0/10
acl localnet src 169.254.0.0/16
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10
acl localhost src 127.0.0.1/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
############################################################
# DEFAULT SECURITY RULES
############################################################
# Deny unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to non-SSL ports
http_access deny CONNECT !SSL_ports
# Allow localnet and localhost before anything else
http_access allow localnet
http_access allow localhost
# Cache manager access
http_access allow localhost manager
http_access deny manager
# Block link-local (recommended)
http_access deny to_localhost
http_access deny to_linklocal
#############################################################
# AUTHENTICATION
#############################################################
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/auth/squid_users
auth_param basic realm "Proxy Authentication Required"
auth_param basic credentialsttl 2 hours
acl authenticated proxy_auth REQUIRED
# Allow authenticated users
http_access allow authenticated
##############################################################
# FINAL RULE (ALWAYS LAST)
##############################################################
http_access deny all
Save and exit the file.
This configuration ensures our proxy requires valid credentials before granting access.
Step 6: Test Squid Configuration
Before restarting, we validate the syntax.
sudo squid -k parse
If no errors appear, we reload the service:
sudo systemctl restart squid
We confirm that Squid is active:
sudo systemctl status squid
Step 7: Allow Squid Through Firewall (UFW)
AlmaLinux uses firewalld by default.
sudo firewall-cmd --add-port=3128/tcp --permanent
Reload:
sudo firewall-cmd --reload
Step 8: Test Proxy Access
We test from any device or browser by setting the proxy to:
IP: SERVER_IP
Port: 3128
Once configured, any request should prompt for the username and password created earlier.
To test via terminal:
curl -x http://username1:password@SERVER_IP:3128 https://www.hostmycode.com -I
For locally test:
curl -x http://127.0.0.1:3128 https://www.hostmycode.com -I
A valid response confirms working authentication.
Step 9: Optional — Restrict Access by IP Range
Sometimes we prefer an extra layer of control.
Edit Squid config:
sudo vi /etc/squid/squid.conf
Add before http_access allow authenticated:
acl allowed_ips src 192.168.1.0/24
http_access allow allowed_ips
Reload:
sudo systemctl restart squid
Conclusion
We installed and configured Squid Proxy on AlmaLinux 10 with secure user authentication using NCSA password management. Our setup now offers controlled access, reliable filtering, and a strong foundation for performance-optimized proxy operations.
For teams managing production environments or individuals who need stable and secure browsing control, this proxy setup provides a dependable, modern workflow.
