Setting Up Azure APIM with Squid Proxy

In some of the circumstances, there is a need to setup the outbound request call from the virtual network to go through forward proxy before it can hit internet. Below is the reference on how to setup Azure APIM with Squid Proxy.

Create the Virtual Network with 3 different subnets.

  1. Forward Proxy Subnet : The purpose of this subnet is to provision an Linux machine with Squid installed.
  2. Integration Subnet : APIM will be created inside the subnet
  3. Azure Bastion Subnet : To allow internet accessible of the SSH to Squid VM

Step 1 : Create Squid Proxy VM

  • Provision an Ubuntu Server 16.04 into the Forward Proxy Subnet
  • After completion of provisioning, you can go to the VM and click on Bastion under Operations

Step 2 : Create Bastion and install Squid

  • Provision Bastion in order to SSH into the Ubuntu (you can skip this if you have jumphost in the same vnet)
  • This will open up another browser and you can start the installation of Squid
  • Run the following command to get the latest repository of the ubuntu
sudo apt-get update
  • Run the following command to install squid
sudo apt-get install squid
  • Optional : You can run the following to get the status and also get the listening port
sudo service squid status
netstat -an | grep tcp
  • Optional : The configuration file for squid located at /etc/squid. Run the following to list the file and read the file using vim, backup the configuration file to the other directory
ls /etc/squid
sudo cp /etc/squid/squid.conf /home/<username>/squid.conf.baksudo vim /etc/squid/squid.conf
  • Optional : Find the particular config in the configuration file to replace the listening port to 8181 and temporarily allow access all
  • Optional : Set the user name and password for the credential for the proxy authentication
sudo apt-get install apache2-utils
sudo htdigest -c /etc/squid/passwords <testuser> <testusername>
#it will prompt for new password and Retype new password
  • Restart squid service
sudo service squird restart

Step 3 : Provision Azure APIM

  • Go to Azure Portal and Search for API Management
  • Create API Management (in order to deploy into VNET, you need to be in Developer tier / Premium tier)
  • After APIM successfully created, go to Virtual Network under deployment and infrastructure
  • In this testing, i am selecting External in order to allow the access of the API through the portal. You can lock down using Internal and testing inside the VNET
  • Click on Save and wait for the APIM to deploy into the VNET
  • Click on APIs
  • Select on of the sample API in the APIM and click on the sample Get operation
  • Click on the inbound processing code editor
  • Insert the proxy URL , username and password
  • Go to the Bastion for the Squid VM and run the following to check on the log
  • Click on Test on top of the menu bar and send, you should see the response code 200
  • You should be able to see the access log on the Bastion

http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-MISS-200-td4674694.html

PS : This configuration is purely for POC and testing purposes, for production deployment, please do your own security hardening.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store