Install Squid Proxy Ubuntu 16_04
How to Setup Squid Proxy Server on Ubuntu 18.04 & 16.04
Squid is the most popular Proxy server for Unix like operating systems. It also used for the web filtering. Squid also useful as caching proxy server for the HTTP, HTTPS, FTP article will help you to setup Squid Proxy Server on Ubuntu 18. 10, 18. 04 LTS, 16. 04 LTS, and 14. 04 LTS 1 – Install PackageSquid packages are available in default yum repositories. Execute below command on your server to install SQUID proxy apt update
sudo apt install squid
Step 2 – Configure Squid PortThe default port for the Squid proxy servers is 3128. You can change this as per the requirements. To setup Squid on different port, Edit squid configuration file and change _port value with new port. /etc/squid/ _port 3128
After making changing let’s restart Squid service to reload the configuration changessudo service squid restart
The next steps will help you to Setup Squid Proxy Server on Ubuntu systems. Use only those settings, which is required for your proxy 3 – Allow All TrafficSometimes you are required to allow all traffic on your proxy server. In Squid server open Squid configuration file. Comment the _access deny all line and add the _access allow all entry this file. /etc/squid/ _access allow all
#_access deny all
Step 4 – Block Specific Website with SquidLet’s start with the additional configuration like blocking any website using squid proxy server. Add below rules to block specific website before any allow all rules. Below example will block and blocksite1 dstdomain
acl blocksite2 dstdomain _access deny blocksite1
_access deny blocksite2
If you have a long list of domain names, Create a file /etc/squid/ and put domain names one per line and add below rule in the squid configuration file. /etc/squid/nfacl blocksitelist dstdomain “/etc/squid/”
_access deny blocksitelist
file content example:cat /etc/squid/
Step 5 – Block Specific Keyword with SquidAdd below rules to block specific website before any allow all rules. Below example will block all pages having keyword yahoo or Gmail. /etc/squid/nfacl blockkeyword1 url_regex yahoo
acl blockkeyword2 url_regex gmail
_access deny blockkeyword1
_access deny blockkeyword2
If you have a long list of keywords, Create a file /etc/squid/ and put keywords one per line and add below rule in the squid configuration file. /etc/squid/nfacl blockkeywordlist url_regex “/etc/squid/”
_access deny blockkeywordlist
Congratulation’s you have successfully install and configured Squid proxy server. Read next article to Configure Squid for Mac Address Based Filtering.
How to Install Squid Proxy Server on Ubuntu 16.04 – Liquid Web
A Squid Proxy Server is a feature-rich web server application that provides both reverse proxy services and caching options for websites. This provides a noticeable speedup of sites and allows for reduced load times when being reverse proxy is a service that sits between the Internet and the webserver (usually within a private network) that redirects inbound client requests to a server where data is stored for easier retrieval. If the caching server (proxy) does not have the cached data, it then forwards the request on to the web server where the data is actually stored. This type of caching allows for the collection of data and reproducing the original data values stored in a different location to provide for easier access. A reverse proxy typically provides an additional layer of control to smooth the flow of inbound network traffic between your clients and the can be used as a caching service to SSL requests as well as DNS lookups. It can also provide a wide variety of support to multiple other types of caching protocols, such as ICP, HTCP, CARP, as well as WCCP. Squid is an excellent choice for many types of setups as it provides very granular controls by offering numerous system tools, as well as a monitoring framework using SNMP to provide a solid base for your caching selecting a computer system for use as a dedicated Squid caching proxy server, many users ensure it is configured with a large amount of physical memory (RAM) as Squid maintains an in-memory cache for increased stalling SquidLet’s start by ensuring our server is up to date:[root@test ~]# apt-get update
Get:1 xenial-security InRelease [109 kB]Hit:2 xenial InReleaseHit:3 xenial InReleaseGet:4 xenial-updates InRelease [109 kB]Get:5 xenial-backports InRelease [107 kB]Fetched 325 kB in 0s (567 kB/s)Reading package lists… Done
Next, at the terminal prompt, enter the following command to install the Squid server:
[root@test ~]# apt install squid
Reading package lists… DoneBuilding dependency treeReading state information… DoneThe following packages were automatically installed and are no longer required:linux-headers-4. 4. 0-141 linux-headers-4. 0-141-generic linux-image-4. 0-141-genericUse ‘apt autoremove’ to remove them.
The following additional packages will be installed:
libecap3 squid-common squid-langpack ssl-cert
squidclient squid-cgi squid-purge smbclient ufw winbindd openssl-blacklist
The following NEW packages will be installed:
libecap3 squid squid-common squid-langpack ssl-cert
0 upgraded, 5 newly installed, 0 to remove and 64 not upgraded.
Need to get 2, 672 kB of archives.
After this operation, 10. 9 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Fetched 2, 672 kB in 0s (6, 004 kB/s)
Selecting previously unselected package libecap3:amd64.
(Reading database… 160684 files and directories currently installed. )
Preparing to unpack… /…
Unpacking libecap3:amd64 (1. 0. 1-3ubuntu3)…
Selecting previously unselected package squid-langpack.
Unpacking squid-langpack (20150704-1)…
Selecting previously unselected package squid-common.
Unpacking squid-common (3. 5. 12-1ubuntu7. 6)…
Selecting previously unselected package ssl-cert.
Unpacking ssl-cert (1. 37)…
Selecting previously unselected package squid.
Unpacking squid (3. 6)…
Processing triggers for libc-bin (2. 23-0ubuntu10)…
Processing triggers for systemd (229-4ubuntu21. 16)…
Processing triggers for ureadahead (0. 100. 0-19)…
Setting up libecap3:amd64 (1. 1-3ubuntu3)…
Setting up squid-langpack (20150704-1)…
Setting up squid-common (3. 6)…
Setting up ssl-cert (1. 37)…
Setting up squid (3. 6)…
Skipping profile in /etc/apparmor. d/disable:
Processing triggers for ureadahead (0. 0-19).. ’s it! The installation is complete! Configuring SquidThe default Squid configuration file is located in the ‘/etc/squid/ directory, and the main configuration file is called “”. This file contains the bulk of the configuration directives that can be modified to change the behavior of Squid. The lines that begin with a “#”, are commented out or not read by the file. These comments are provided to explain what the related configuration settings edit the configuration file, let’s start by taking a backup of the original file, in case we need to revert any changes if something goes wrong or use it to compare the new file configurations. [root@test ~]# cp /etc/squid/ /etc/squid/ Squid’s Default Listening PortNext, the Squid proxy servers default port is 3128. You can change or modify this setting to suit your needs should you wish to modify the port for a specific reason or necessity. To change the default Squid port, we will need to edit the Squid configuration file and change the “_port” value (on line 1599) to a new port number. [root@test ~]# vim /etc/squid/
_port 2946(Keep the file open for now…)Change Squid’s Default HTTP Access PortNext, to allow external access to the HTTP proxy server from all IP addresses, we need to edit the “_access” directives. By default, the HTTP proxy server will not allow access to anyone at all unless we explicitly allow it! Caution! : Multiple settings mention _access. We want to modify the last entry. 1164 # Deny requests to certain unsafe ports
1165 _access deny! Safe_ports…
1167 # Deny CONNECT to other than secure SSL ports
1168 _access deny CONNECT! SSL_ports…
1170 # Only allow cachemgr access from localhost
1171 _access allow localhost manager
1172 _access deny manager…
1186 #_access allow localnet
1187 _access allow localhost…
1189 # And finally deny all other access to this proxy
1190 _access deny all
# > change to “allow all”
Install and Configure Squid on Ubuntu Server
In this tutorial, we will learn how to install and configure the squid proxy and caching server on Ubuntu Linux. The term proxy is generally combined with two different terms, one is forward proxy and the other is reverse proxy.
Most of the time when we talk about proxy it generally refers to forward proxy. A forward proxy server works on behalf of clients and hide the client IP address from the internet.
A reverse proxy server is the exact opposite of a forward proxy server. Reverse proxy server is worked behalf of the server and protects servers from the outside world.
Today we are going to configure forward proxy on Ubuntu using Squid3. To install and configure Squid on Ubuntu Server 16. 04, we have to take the following steps:
Install the squid3 package.
Configure web caching.
Configure Access Control List(ACL).
We can easily install Squid as usual from the Ubuntu software repositories. Open the command line and install squid3 package.
sudo apt-get update
sudo apt-get install squid3
Open the /etc/squid/ file:
sudo vim /etc/squid/
Uncomment the cache_dir directive to add a disk cache directory:
cache_dir ufs /var/spool/squid 100 16 256
Restart the Ubuntu squid server:
systemctl restart rvice
Squid server by default listens to TCP port 3128, So Make sure that you have allowed the TCP port 3128 on your firewall.
The default cache size is 100MB. To change cache size edit the cache_dir directive. The following example sets squid cache size to 500MB:
cache_dir ufs /var/spool/squid 500 16 256
Control Access to the Ubuntu Proxy server with Access Control List (ACL)
You can limit users’ ability to browse the Internet with access control lists (ACLs). by default, the Ubuntu file is configured with ACL lines that will deny access to everything except the localhost. So now we need to set the list of IP addresses allowed to use squid.
Following example will allow IP address 192. 168. 1. 10 to connect to the internet through the proxy server.
Add the following line at the bottom of the acl section of /etc/squid/ (under the TAG: acl):
acl allow_clients src 192. 10
Then, add the following line at the top of the _access section of the /etc/squid/ (under the TAG: _access):
_access allow allow_clients
Finally, Restart the squid server:
In the above example, we added IP address 192. 10 to the ACL group called allow_clients.
Then, we enabled access to the allow_clients group.
Now the client with IP address 192. 10 can browse the internet through the Ubuntu proxy server.
You can add multiple IPs to the ACL group as follows:
acl allow_clients src 192. 10/24
acl allow_clients src 192. 11/24
Manage Squid Proxy Server
You can manage squid on Ubuntu with systemctl command. To view server status, Type:
systemctl status squid
To start the squid service, Type:
sudo systemctl start squid
Set squid server to start at system reboot (default):
sudo systemctl enable squid
Run netstat command to make sure that the squid is listening on port 3128:
sudo netstat -tulnp | grep 3128
In this tutorial we learned squid proxy server configuration in Ubuntu step by step.
We start by installing the Squid3 package on Ubuntu.
Once the squid3 is installed, we edit the configuration file to enable web caching by uncommenting the cache_dir directive.
Then, we learned how to control access to the proxy server with Access Control List (ACL).