In this article, we will explain how to install a squid proxy server on\u00a0Ubuntu and Debian<\/strong>\u00a0distributions and use it as an HTTP proxy server.<\/p>\n Before we begin, you should know that Squid server doesn\u2019t have any requirements, but the amount of RAM utilization may differ based on the clients browsing the internet via the proxy server.<\/p>\n Squid<\/strong>\u00a0package is available to install from the base Ubuntu repository, but before that make sure to update your packages by running.<\/p>\n Once your packages are up to date, you can proceed further to install squid and start and enable it on system startup using following commands.<\/p>\n At this point your Squid web proxy should already be running and you can verify the status of the service with.<\/p>\n Following are the some important squid file locations you should be aware of:<\/p>\n The default configuration file contains some configuration directives that needs to be configured to affect the behavior of the Squid.<\/p>\n Now open this file for editing using Vi editor and make changes as shown below.<\/p>\n Now, you may search about the following lines and change them as requested, in the Vi editor, you may search about those lines by hitting the\u00a0\u2018ESC\u2019<\/strong>\u00a0and typing \u201c\/<\/b>\u201d key to writing the specific lines to look for.<\/p>\n After making above changes, you may restart the Squid proxy server using the command.<\/p>\n In this squid configuration section, we will explain you how to configure squid as an HTTP proxy using only the client IP address for authentication.<\/p>\n If you wish to allow only one IP address to access the internet through your new proxy server, you will need to define new\u00a0acl<\/strong>\u00a0(access control list<\/strong>) in the configuration file.<\/p>\n The\u00a0acl<\/strong>\u00a0rule you should add is:<\/p>\n Where\u00a0 Add IP Address to Allow Web<\/p>\n<\/div>\n It is always a good practice to define a comment next to\u00a0ACL<\/strong>\u00a0which will describe who uses this IP address, for example.<\/p>\n You will need to restart Squid service to take the new changes into effect.<\/p>\n By default, only certain ports are allowed in the squid configuration, if you wish to add more just define them in the configuration file as shown.<\/p>\n Where\u00a0 Add Ports in Squid Proxy<\/p>\n<\/div>\n For the changes to take effect, you will need to restart squid once more.<\/p>\n To allow users to authenticate before using the proxy, you need to enable basic http authentication in the configuration file, but before that you need to install\u00a0apache2-utils<\/strong>\u00a0package using following command.<\/p>\n Now create a file called\u00a0\u201cpasswd\u201d<\/strong>\u00a0that will later store the username for the authentication. Squid runs with user\u00a0\u201cproxy\u201d<\/strong>\u00a0so the file should be owned by that user.<\/p>\n Now we will create a new user called \u201ctecmint\u201d and setup its password.<\/p>\n Now to enable basic http authentication open the configuration file.<\/p>\n After the ports ACLs add the following lines:<\/p>\n Enable Squid User Authentication<\/p>\n<\/div>\n Save the file and restart squid so that the new changes can take effect:<\/p>\n To block access to unwanted websites, first create a file called \u201cblacklisted_sites.acl<\/strong>\u201d that will store the blacklisted sites in it.<\/p>\n Now add the websites that you wish to block access, for example.<\/p>\n The proceeding\u00a0dot<\/strong>\u00a0informs squid to block all references to that sites including\u00a0www.badsite1<\/strong>,\u00a0subsite.badsite1.com<\/strong>\u00a0etc.<\/p>\n Now open Squid\u2019s configuration file.<\/p>\n Just after the above ACLs add the following two lines:<\/p>\n Block Websites in Squid<\/p>\n<\/div>\n Now save the file and restart squid:<\/p>\n To block a list of keywords, first create a file called \u201cblockkeywords.lst<\/strong>\u201d that will store the blacklisted keywords in it.<\/p>\n Now add the keywords that you wish to block access, for example.<\/p>\n Now open Squid\u2019s configuration file and add the following rule.<\/p>\n Now save the file and restart squid:<\/p>\n Once everything configured accurately, you can now configure your local client web browser or operating system\u2019s network settings to use your newly configured squid HTTP proxy.<\/p>\n Now to test that your proxy server is working or not, you may open\u00a0Firefox<\/strong>\u00a0and go to\u00a0Edit \u2013> Preferences \u2013> Advanced \u2013> Network \u2013> Settings<\/strong>\u00a0and select \u201cManual proxy configuration<\/strong>\u201d and enter your proxy server IP address and Port to be used for all connection as it follows.<\/p>\n Configure Client to Use Squid Proxy<\/p>\n<\/div>\n Once you fill all the required proxy details, you will be able to surf the Web using your Squid proxy server, you may do the same thing in any other browser or program you want.<\/p>\n To make sure that you are surfing the web using your proxy server, you may visit\u00a0http:\/\/www.ipaddresslocation.org\/<\/strong>, in the right top corner you must see the same IP address as your server IP address.<\/p>\n For more additional configuration settings, you may check\u00a0official squid documentation<\/a>. If you have any questions or comments, please add them in the comment section below.<\/p>\nHow to Install Squid on Ubuntu<\/h3>\n
$ sudo apt update\r\n<\/pre>\n
$ sudo apt -y install squid\r\n$ sudo systemctl start squid\r\n$ sudo systemctl enable squid\r\n<\/pre>\n
$ sudo systemctl status squid\r\n<\/pre>\n
Sample Output<\/h5>\n
\u25cf squid.service - LSB: Squid HTTP Proxy version 3.x<\/strong>\r\n Loaded: loaded (\/etc\/init.d\/squid; generated)\r\n Active: active (running)<\/strong> since Tue 2018-12-04 06:42:43 UTC; 14min ago\r\n Docs: man:systemd-sysv-generator(8)\r\n Tasks: 4 (limit: 1717)\r\n CGroup: \/system.slice\/squid.service\r\n \u251c\u25002761 \/usr\/sbin\/squid -YC -f \/etc\/squid\/squid.conf\r\n \u251c\u25002766 (squid-1) -YC -f \/etc\/squid\/squid.conf\r\n \u251c\u25002768 (logfile-daemon) \/var\/log\/squid\/access.log\r\n \u2514\u25002772 (pinger)\r\n\r\nDec 04 06:42:43 tecmint systemd[1]: Starting LSB: Squid HTTP Proxy version 3.x...\r\nDec 04 06:42:43 tecmint squid[2708]: * Starting Squid HTTP Proxy squid\r\nDec 04 06:42:43 tecmint squid[2708]: ...done.\r\nDec 04 06:42:43 tecmint systemd[1]: Started LSB: Squid HTTP Proxy version 3.x.\r\nDec 04 06:42:43 tecmint squid[2761]: Squid Parent: will start 1 kids\r\nDec 04 06:42:43 tecmint squid[2761]: Squid Parent: (squid-1) process 2766 started\r\n<\/pre>\n
\n
$ sudo vim \/etc\/squid\/squid.conf\r\n<\/pre>\n
\n
$ sudo systemctl restart squid\r\n<\/pre>\n
Configuring Squid as an HTTP Proxy on Ubuntu<\/h3>\n
Add Squid ACLs<\/h4>\n
$ sudo vim \/etc\/squid\/squid.conf\r\n<\/pre>\n
acl localnet src XX.XX.XX.XX\r\n<\/pre>\n
XX.XX.XX.XX<\/code>\u00a0is the IP address of client machine. This\u00a0acl<\/strong>\u00a0should be added in the beginning of the ACL\u2019s section as shown in the following screenshot.<\/p>\n![\"Add](\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2018\/12\/Add-Squid-ACL.png\")
<\/a><\/p>\nacl localnet src 192.168.0.102 # Boss IP address\r\n<\/pre>\n
$ sudo systemctl restart squid\r\n<\/pre>\n
Open Ports in Squid Proxy<\/h4>\n
acl Safe_ports port XXX\r\n<\/pre>\n
XXX<\/code>\u00a0is the port number that you wish to allow. Again it is a good practive to define a comment next to\u00a0acl<\/strong>\u00a0that will describe what the port is going to be used for.<\/p>\n![\"Add](\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2018\/12\/Add-Ports-in-Squid-Proxy.png\")
<\/a><\/p>\n$ sudo systemctl restart squid\r\n<\/pre>\n
Squid Proxy Client Authentication<\/h4>\n
$ sudo apt install apache2-utils\r\n<\/pre>\n
$ sudo touch \/etc\/squid\/passwd\r\n$ sudo chown proxy: \/etc\/squid\/passwd\r\n$ ls -l \/etc\/squid\/passwd\r\n<\/pre>\n
$ sudo htpasswd \/etc\/squid\/passwd tecmint<\/strong>\r\n\r\nNew password: \r\nRe-type new password: \r\nAdding password for user tecmint\r\n<\/pre>\n
$ sudo vim \/etc\/squid\/squid.conf\r\n<\/pre>\n
auth_param basic program \/usr\/lib64\/squid\/basic_ncsa_auth \/etc\/squid\/passwd\r\nauth_param basic children 5\r\nauth_param basic realm Squid Basic Authentication\r\nauth_param basic credentialsttl 2 hours\r\nacl auth_users proxy_auth REQUIRED\r\nhttp_access allow auth_users\r\n<\/pre>\n
![\"Enable](\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2018\/12\/Enable-Squid-User-Authentication.png\")
<\/a><\/p>\n$ sudo systemctl restart squid\r\n<\/pre>\n
Block Websites on Squid Proxy<\/h4>\n
$ sudo touch \/etc\/squid\/blacklisted_sites.acl\r\n<\/pre>\n
.<\/strong>badsite1.com\r\n.<\/strong>badsite2.com\r\n<\/pre>\n
$ sudo vim \/etc\/squid\/squid.conf\r\n<\/pre>\n
acl bad_urls dstdomain \"\/etc\/squid\/blacklisted_sites.acl\"\r\nhttp_access deny bad_urls\r\n<\/pre>\n
![\"Block](\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2018\/12\/Block-Websites-in-Squid.png\")
<\/a><\/p>\n$ sudo systemctl restart squid\r\n<\/pre>\n
Block Specific Keyword with Squid<\/h4>\n
$ sudo touch \/etc\/squid\/blockkeywords.lst\r\n<\/pre>\n
facebook\r\ninstagram\r\ngmail\r\n<\/pre>\n
acl blockkeywordlist url_regex \"\/etc\/squid\/blockkeywords.lst\"\r\nhttp_access deny blockkeywordlist\r\n<\/pre>\n
$ sudo systemctl restart squid\r\n<\/pre>\n
Configure Client to Use Squid Proxy<\/h3>\n
![\"Configure](\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2018\/12\/Configure-Client-to-Use-Squid-Proxy.png\")
<\/a><\/p>\n