Professional Documents
Culture Documents
Ubuntu 22.04|20.04
By
Lorna Chepkoech
-
35075
0
Squid is a proxy and cache server. It acts as a proxy by forwarding requests to the required
destination but also saves the requested content. If another server ask for the same information
before it it has not expired in the squid server, it serves the same content to the requester, therefore,
improving download speeds and saves on bandwidth.
Squid proxy server supports caching of content requested through different protocols such as http,
SSL requests, DNS lookups and FTP. This guides explains how to install and configure Squid proxy
on Ubuntu 22.04|20.04
Object 1
Object 2
[ -e /var/run/reboot-required ] && sudo reboot
Next, install squid proxy on Ubuntu. Installing Squid proxy in Ubuntu is easy because it is already
available in Ubuntu 20 repositories. Confirm this with the below command.
sudo apt-cache policy squid
Output
Object 3
To install Squid proxy, run the below commands. Also enable to start on system boot then check
status
sudo apt install -y squid
sudo systemctl start squid
sudo systemctl enable squid
sudo systemctl status squid
Now, do your custom settings in /etc/squid/squid.conf. Open the file with your preferred file editor
To set your desired cache memory, use the settings below. For my case, I am using 256 MB
cache_mem 256 MB
The default defined ACL rules are as shown. Tou can choose to disable the by adding # at the
beginning of each line. To create new rules, follow the examples below:
Examples1: Allow LAN network through Squid proxy server
Create the acl rule
acl my_lan src 192.168.100.0/24
Now either allow or deny based on the defined rule, with the use of http_access directive. In our
case, we need to allow
http_access allow my_lan
Note that the last rule every time you create ACL access rules should be the deny all. This should
be done when you have allowed all the required sites otherwise you might block yourselves from
accessing some needed sites.
Object 4
Add the sites that you wish to deny access. For my case, I am using facebook and youtube. Save the
file after.
.facebook.com
.youtube.com
Now open squid.conf and create an acl rule for the denied sites and add a deny rule then save the
file.
acl deniedsites dstdomain “/etc/squid/deniedsites.squid”
http_access deny deniedsites
Note that everytime you make changes, you must restart squid server
Object 5
Edit squid.conf to create acl and deny rule the save and remember to restart squid.
acl keywords url_regex -i "/etc/squid/keywords.squid"
http_access deny keywords
For http_access
Object 6
To open ports in Squid proxy server, use the command syntax as shown below
acl Safe_ports port <port-number>
Also Proxy server should not append clients IP address in the http requests which it forwards.
Disable this by modifying the following lines in squid.conf file.
To avoid revealing your Squid proxy server, you can remove Squid proxy header. Add the line
below in TAG; request_header_access.
request_header_access From deny all
request_header_access Server deny all
request_header_access WWW-Authenticate deny all
request_header_access Link deny all
request_header_access Cache-Control deny all
request_header_access Proxy-Connection deny all
request_header_access X-Cache deny all
request_header_access X-Cache-Lookup deny all
request_header_access X-Forwarded-For deny all
request_header_access Pragma deny all
request_header_access Keep-Alive deny all
Create a file that will be used to store users. Mine is called ‘passwd’. The file should be owned by
proxy which is the default Squid user.
sudo touch /etc/squid/passwd
sudo chown proxy: /etc/squid/passwd
Now add the following lines in squid.conf file. After adding, save and restart squid.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
It is important to check the location of basic_ncsa_auth to be sure that you are using the right path
and that you do not get errrors. Use the command below:
dpkg -L squid | grep ncsa_auth
Your Squid file should look as below:
To test that your Squid proxy server is working, go to your client web browser, such as Firefox, and
configure manual proxy authentication. Open Firefox, click on the three bars on the far right.
Under Edit, click on preference. Click on settings under network settings. On the page that
appears, clock on manual proxy configuration radio button and fill in your proxy server details.
You can exclude proxy for other IP addresses if you wish under ‘No proxy for‘
Now confirm your Squid proxy set up is working. Open the Firefox browser and try to search a
restricted site such as youtube.com for my case. You should see a page saying ‘proxy server refuse
connections’
Now open another site that is not restricted. You should be prompted for authentication which after
entering your username and password, you should be able to access the site.
This has been a step-by-step guide on how to install and configure Squid proxy server in Ubuntu
22.04|20.04. I hope you have enjoyed. Below are more elaborate guides for for your daily Linux
installations
• How to install and configure HAProxy on Debian
• How to configure Nginx Proxy for Semaphore Ansible Wed UI
• How to install Envoy Proxy on Ubuntu/Debian Linux
• How to manage HAProxy servers from a Web Interface
As we continue to grow, we would wish to reach and impact more people who visit and take
advantage of the guides we have on our blog. This is a big task for us and we are so far extremely
grateful for the kind people who have shown amazing support for our work over the time we have
been online.
Thank You for your support as we work to give you the best of guides and articles. Click below to
buy us a coffee.