Install & Configure Squid in Ubuntu

Squid in Ubuntu Overview

A proxy server is a very useful tool for a network. It is commonly used in computer networks to protect the network from attack, to filter nefarious web content and pages requested by local users, and to speed up the delivery of web pages and web content by caching (storing) commonly requested web pages, documents, and media. Proxy servers are typically implemented on private local area networks to filter, protect, and cache content requested by users on that network; this is called a “proxy” or “transparent proxy.” Proxy servers can also be implemented on the remote side, “in front of” destination web servers, to protect those servers by filtering requests, speeding up web page delivery, and caching frequently requested files; this is called a “reverse proxy.”

Types of Proxy Servers

Proxy Server: The web browser on the client is configured to point to the proxy server’s IP address. The client can bypass the proxy server by removing or altering the proxy address configuration. An administrator could prevent this by creating a GPO in Active Directory that blocks access to the web browser settings. A proxy server can also function as a caching server.
Transparent Proxy Server: The router sends all traffic on defined ports to the transparent proxy server, so clients cannot bypass the proxy server. A transparent proxy server can also function as a caching server.
Reverse Proxy Server (Cache): The reverse proxy server or cache server is placed in front of the web server in order to speed up delivery of frequently requested pages and to protect the web server by creating a layer of separation and redundancy.

Squid is one of the most popular and most used proxy servers in the world. It is free to download, easy to install and it can be implemented on any distribution of Linux. Here are the steps to install and configure Squid on an Ubuntu distribution of Linux.

Steps to install and configure Squid

Open a terminal and type in the following commands to install Squid:
    sudo apt-get update
    sudo apt-get install squid squid-common

Ways to start and stop Squid:
    sudo service squid start    (or stop | restart | status)
    sudo /usr/sbin/squid        (launch the program directly)
    sudo pkill -9 squid         (force-kill Squid; it gets no chance to shut down cleanly)

Navigate to the Squid folder to find the squid.conf configuration file:
    cd /etc/squid
    ls    (you should see the squid.conf file)

Create a backup of the squid.conf file
 sudo cp squid.conf squid.conf.bak

For testing purposes, open Firefox and set it to send web requests to the Squid proxy server (you will need to know your IP address):
    ifconfig    (write down your inet address, e.g. 192.168.1.100)
    Open Firefox
    Edit > Preferences, Advanced > Network Tab > Connection-Settings:
    Manual Proxy Configuration:
    HTTP Proxy: your IP address or loopback address 127.0.0.1,    Port: 3128
    Click OK and Close
Now if you try to go to a website like Google you should see an ERROR – Access Denied message from Squid (see bottom line). This means that Squid is working by actively denying the traffic.

Now we need to configure Squid to allow web traffic through the proxy server. Open squid.conf in your favorite text editor, such as gedit, nano, or vi:
    sudo nano squid.conf
or
    sudo gedit squid.conf &
If gedit does not open from the terminal, you can open it as the root user:
    sudo su
    gedit squid.conf &

To switch out of the root user:
    su your-username    (as root the prompt is a “#”; this switches back to your user account's privileges)

If you chose to open squid.conf with gedit, then turn on line numbering (Edit > Preferences > View > Display Line Numbers).

Change the name of your Squid Proxy Server, around line 3399, change:
 #    TAG: visible_hostname
to
 visible_hostname YourNameProxyServer  

You can configure access rules for your Squid proxy server (lines 331 to 831 are for Access Control). Notice that on lines 606 to 630 the local networks and usable ports (services) are defined. Active configuration lines are the lines that are not commented out, i.e. they do not start with a # sign.

To re-enable web access uncomment line 676
 #http_access allow localnet
to
 http_access allow localnet

To verify the Web is now working, save your changes to the squid.conf file and restart your Squid server.
 service squid restart (or “sudo service squid restart” if you are no longer root)

Now refresh your Firefox web browser and your homepage should be visible.

Now we can practice writing a custom ACL (access list) in the squid.conf file to block specific domains and websites. We can write our custom ACL at the end of the acl lines around line 631. From an empty line write the following lines to test domain blocking:
 acl blocked_websites dstdomain .msn.com .yahoo.com
http_access deny blocked_websites

Now restart your Squid server, and test to see if Squid denies access to your blocked domains/websites in Firefox.
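
Squid evaluates http_access lines from top to bottom and stops at the first match, so the deny for blocked_websites only takes effect if it sits above "http_access allow localnet", which is the case when it is written near line 631 as described. The shell check below is an added example, not part of the original tutorial; the function names and the two sample configurations are constructed for illustration.

```shell
# Added example (not from the original tutorial). Squid reads http_access
# lines top to bottom, and the first matching line decides the request.

# Print "LINENO ACTION ACLNAME" for every active (uncommented) http_access line.
active_http_access() {
    awk '$1 == "http_access" { print NR, $2, $3 }' "$1"
}

# Exit status: 0 = deny rule for ACL $2 precedes the allow rule for ACL $3,
# 1 = it comes after the allow (shadowed), 2 = no active deny rule for $2.
check_deny_before_allow() {
    active_http_access "$1" | awk -v d="$2" -v a="$3" '
        $2 == "deny"  && $3 == d && !deny  { deny  = $1 + 0 }
        $2 == "allow" && $3 == a && !allow { allow = $1 + 0 }
        END { if (!deny) exit 2; if (allow && allow < deny) exit 1; exit 0 }'
}

# Constructed sample: deny written with the ACLs, above the allow rule.
write_good_conf() {
    cat > "$1" <<'EOF'
acl localnet src 192.168.0.0/16
acl blocked_websites dstdomain .msn.com .yahoo.com
http_access deny blocked_websites
http_access allow localnet
http_access deny all
EOF
}

# Constructed sample: deny appended below the allow rule, so it never applies.
write_bad_conf() {
    cat > "$1" <<'EOF'
acl localnet src 192.168.0.0/16
acl blocked_websites dstdomain .msn.com .yahoo.com
http_access allow localnet
http_access deny blocked_websites
http_access deny all
EOF
}

tmp=$(mktemp -d)
write_good_conf "$tmp/good.conf"
write_bad_conf "$tmp/bad.conf"
for f in good bad; do
    check_deny_before_allow "$tmp/$f.conf" blocked_websites localnet \
        && echo "$f.conf: blocked_websites is denied before localnet is allowed" \
        || echo "$f.conf: deny rule is missing or shadowed by allow localnet"
done
rm -rf "$tmp"
```

On a real system, point check_deny_before_allow at /etc/squid/squid.conf, and run "sudo squid -k parse" to have Squid validate the file before restarting.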

Video Tutorials

In this series of videos, I go through the same process outlined above, to install and configure a Squid proxy server in Ubuntu.

In part 1, I install Squid in Ubuntu, start and stop it, back up the configuration file, and configure Firefox to use Squid as a proxy server

In part 2, I discuss editing the configuration file

In part 3, I write a custom ACL in the squid.conf file

Author: Dan

Dan teaches computer networking and security classes at Central Oregon Community College.
