---
myst:
  html_meta:
    "description lang=en": "Kasm open source Squid proxy."
    "keywords": "Kasm, Browser, Isolation, Zero Trust, Squid"
    "property=og:locale": "en_US"
---

# Kasm Squid

Squid is an open source forward proxy. We have developed a containerized version of Squid for proxy redirection. This project is open source and located at <https://bitbucket.org/kasmtech/kasm_squid/src/master/>

## Installation

- Clone the repository at <https://bitbucket.org/kasmtech/kasm_squid/src/master/>
- Run the install redirector script with the Kasm Workspaces url after the -k argument

```Bash
sudo ./install_redirector.sh -k https://kasm.company.internal
```

- Download myCA.der from /srv/kasm_squid/ssl_cert/myCA.der

For most browsers, windows settings can be used for the proxy settings.

## Setup Root CA Trust

- Use the windows key + r shortcut to open the run prompt
- Type in secpol.msc and click OK
- Select public Key Policies from the Security Settings
- Open the Certificate Path Validation Settings window

```{figure} /images/browser_isolation/certificate_validation.png
:align: center
**Certificate Validation**
```

- Check Define these policy settings

- Make sure to select all of these

  > - Allow user trusted root CAs to be used to validate certificates
  > - Allow users to trust peer trust certificates
  > - Third-Party Root CAs and Enterprise Root CAs

- Select apply

- Use the windows key + r shortcut to pen the run prompt

- Type in certmgr.msc and click OK

- Expand Trusted Root Certification Authorities

- Right click certificates -> all tasks -> import

```{figure} /images/browser_isolation/certificate_import.png
:align: center
**Certificate Import**
```

- Browse to the certificate and select open
- Click next, next and finish

## Setup proxy in windows settings

- Open Windows settings and select Network and Internet
- Select proxy at the bottom left
- Under manual proxy setup select Use a proxy server

```{figure} /images/browser_isolation/proxy_settings.jpg
:align: center
**Proxy Settings**
```

- Enter the Kasm proxy server address and port 3122
- Enter the Kasm domain into the excluded proxy addresses
- Select save

For browsers like Edge, Chrome and Internet Explorer the proxy should be up and working.
Firefox will need to be configured separately.

## Setup Firefox

- In the Firefox options select privacy and security
- Scroll to the bottom and click View Certificates
- Import myCA.der from the Kasm Proxy
- Check all boxes and click OK

```{figure} /images/browser_isolation/firefox_import.jpg
:align: center
**Import to Firefox**
```

- Navigate to the General tab
- Scroll to the bottom for Network Settings
- Select Manual proxy configuration
- Input the IP address of the squid server and port 3122
- Select Use proxy for all protocols
- Add in the Kasm Workspaces domain name under no proxy for
- Select OK

```{figure} /images/browser_isolation/firefox_proxy.jpg
:align: center
**Firefox Proxy Config**
```

Firefox will now redirect all traffic through the secure Kasm.

## Troubleshooting

If the browser is not connecting to the proxy make sure to open port 3122 on the proxy server.

If the Kasm seems to be reconnecting make sure the browser is configured to not use the proxy settings for the Kasm Workspaces server as Squid does not handle websockets.

If HTTPS or security warning errors are occurring, ensure the root certificate is installed on the browser.

Ensure that the proxy was installed using the domain name for the actual Kasm Workspaces server.