Squid Proxy Ubuntu
Proxy Servers – Squid | Ubuntu
Squid is a full-featured web proxy cache server application which provides proxy and cache services for Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and perform transparent caching. Squid also supports a wide variety of caching protocols, such as Internet Cache Protocol (ICP), the Hyper Text Caching Protocol (HTCP), the Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol (WCCP).
The Squid proxy cache server is an excellent solution to a variety of proxy and caching server needs, and scales from the branch office to enterprise level networks while providing extensive, granular access control mechanisms, and monitoring of critical parameters via the Simple Network Management Protocol (SNMP). When selecting a computer system for use as a dedicated Squid caching proxy server for many users ensure it is configured with a large amount of physical memory as Squid maintains an in-memory cache for increased performance.
Installation
At a terminal prompt, enter the following command to install the Squid server:
sudo apt install squid
Configuration
Squid is configured by editing the directives contained within the /etc/squid/ configuration file. The following examples illustrate some of the directives which may be modified to affect the behavior of the Squid server. For more in-depth configuration of Squid, see the References section.
Tip
Prior to editing the configuration file, you should make a copy of the original file and protect it from writing so you will have the original settings as a reference, and to re-use as necessary. Make this copy and protect it from writing using the following commands:
sudo cp /etc/squid/ /etc/squid/
sudo chmod a-w /etc/squid/
To set your Squid server to listen on TCP port 8888 instead of the default TCP port 3128, change the _port directive as such:
_port 8888
Change the visible_hostname directive in order to give the Squid server a specific hostname. This hostname does not necessarily need to be the computer’s hostname. In this example it is set to weezie
visible_hostname weezie
The cache_dir option allows one to configure an on-disk cache, the default option is on-memory cache. The cache_dir directive takes the following arguments:
cache_dir
In the config file you can find the default cache_dir directive commented out:
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
You can just use the default option but you can also customize your cache directory, basically changing the
ufs: the old well-known Squid storage format that has always been there.
aufs: uses the same storage format as ufs, utilizing POSIX-threads to avoid blocking the main Squid process on disk-I/O. This was formerly known in Squid as async-io.
diskd: uses the same storage format as ufs, utilizing a separate process to avoid blocking the main Squid process on disk-I/O.
rock: is a database-style storage. All cached entries are stored in a “database” file, using fixed-size slots. A single entry occupies one or more slots.
If you want to use a different directory type please take a look at their different options.
Using Squid’s access control, you may configure use of Internet services proxied by Squid to be available only users with certain Internet Protocol (IP) addresses. For example, we will illustrate access by users of the 192. 168. 42. 0/24 subnetwork only:
Add the following to the bottom of the ACL section of your /etc/squid/ file:
acl fortytwo_network src 192. 0/24
Then, add the following to the top of the _access section of your /etc/squid/ file:
_access allow fortytwo_network
Using the excellent access control features of Squid, you may configure use of Internet services proxied by Squid to be available only during normal business hours. For example, we’ll illustrate access by employees of a business which is operating between 9:00AM and 5:00PM, Monday through Friday, and which uses the 10. 1. 0/24 subnetwork:
acl biz_network src 10. 0/24
acl biz_hours time M T W T F 9:00-17:00
_access allow biz_network biz_hours
Note
After making changes to the /etc/squid/ file, save the file and restart the squid server application to effect the changes using the following command entered at a terminal prompt:
sudo systemctl restart rvice
If formerly a customized squid3 was used that set up the spool at /var/log/squid3 to be a mountpoint, but otherwise kept the default configuration the upgrade will fail. The upgrade tries to rename/move files as needed, but it can’t do so for an active mountpoint. In that case please either adapt the mountpoint or the config in /etc/squid/ so that they match.
The same applies if the include config statement was used to pull in more files from the old path at /etc/squid3/. In those cases you should move and adapt your configuration accordingly.
References
Squid Website
Ubuntu Wiki Squid page.
How to Set Up & Install Squid Proxy Server on Ubuntu 18.04
Introduction
Squid is a Linux-based proxy application. The Squid proxy server is used for filtering traffic, security, and DNS lookups.
Also, Squid can speed up a web server by caching resources. The Squid Proxy allows a server to cache frequently visited web pages. When the user requests a web page or file, the request goes directly to the proxy server — an intermediary device between the user’s device and the internet. The proxy server pulls up the resources and relays them to the user.
This guide will walk you through how to set up and install Squid Proxy server on Ubuntu.
Prerequisites
An Ubuntu operating systemAccess to a terminal window/command line (Ctrl-Alt-T)An Ubuntu user with root or sudo privilegesThe apt package installer, included by defaultA text editor, such as nano
Installing Squid Proxy on Ubuntu
Step 1: Refresh the Software Repositories
Ensure you’re working with the latest software version available.
Launch a terminal window, and enter the following:
sudo apt-get update
Step 2: Install Squid Package on Ubuntu
To install Squid, run the command:
sudo apt-get install squid
The system should prompt for confirmation – enter Y and allow the process to complete itself.
Configuring Squid Proxy Server
The Squid configuration file is found at /etc/squid/
1. Open this file in your text editor with the command:
sudo nano /etc/squid/
2. Navigate to find the _port option. Typically, this is set to listen on Port 3218. This port usually carries TCP traffic. If your system is configured for traffic on another port, change it here.
You may also set the proxy mode to transparent if you’d like to prevent Squid from modifying your requests and responses.
Change it as follows:
_port 1234 transparent
3. Navigate to the _access deny all option. This is currently configured to block all HTTP traffic. This means no web traffic is allowed.
Change this to the following:
_access allow all
4. Navigate to the visible_hostname option. Add any name you’d like to this entry. This is how the server will appear to anyone trying to connect. Save the changes and exit.
5. Restart the Squid service by entering:
sudo systemctl restart squid
Configure Squid Client
All this configuration has been done to set up your Squid proxy server. Now, switch to your client machine and open your web browser.
If you’re using Firefox, you can find the proxy settings under:
Menu > Options > Network Settings > Settings
Tick the radio button for Manual proxy configuration.
If you’ve entered a hostname in Step 4, you should be able to enter that name plus the port you have designated. Otherwise, use the IP address for the system hosting your Squid proxy.
To test it, you can visit – if your proxy is working, your IP address should display as the proxy server’s IP address.
Add Squid ACL
Note: After each of these steps, you should save and exit, then restart the Squid service to apply the new configuration.
Create an access control list by editing the file again, as in Step 4.
Add a new line as follows:
acl localnet src 192. 168. 0. 15
This will create a rule that only allows the system at this IP address to connect. It is recommended that you comment the line to identify the rule:
acl localnet src 192. 15 # test computer
Anything after the # sign is ignored by Squid.
You can specify a range of IP addresses as follows:
acl localnet src 192. 15/30
Open Ports
To open a specific port, add the following:
acl Safe_ports port 123 # Custom port
Configure Proxy Authentication
This forces users to authenticate to use the proxy.
Start by installing apache2-utils:
sudo apt-get install apache2-utils
Create a passwd file, and change the ownership to the Squid user proxy:
sudo touch /etc/squid/passwd
sudo chown proxy: etc/squid/passwd
Add a new user and password
1. To add a new user to Squid, use the command:
sudo htpasswd /etc/squid/passwd newuser
The system will prompt you to enter and confirm a password for newuser.
2. Edit the /etc/squid/ file, and add the following command lines:
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
_access allow auth_users
Block Websites on Squid Proxy
1. Create and edit a new text file /etc/squid/ by entering:
2. In this file, add the websites to be blocked, starting with a dot:..
Note: The dot specifies to block all subsites of the main site.
3. Open the /etc/squid/ file again:
4. Add the following lines just above your ACL list:
acl blocked_websites dstdomain “/etc/squid/”
_access deny blocked_websites
Commands When Working with the Squid Service
To check the status of your Squid software, enter:
sudo systemctl status squid
This will tell you whether the service is running or not.
To start the service enter:
sudo systemctl start squid
Then set the Squid service to launch when the system starts by entering:
sudo systemctl enable squid
You can re-run the status command now to verify the service is up and running.
To stop the service, use the command:
sudo systemctl stop squid
To prevent Squid from launching at startup, enter:
sudo systemctl disable squid
Conclusion
If you’ve followed along closely, you should now have a basic understanding of how Squid works, and how to install and configure Squid Proxy on Ubuntu.
Proxy servers are a valuable tool for securing network traffic, preventing attacks and restricting access.
Check out our article on how to set up your Ubuntu system to work with a proxy server to configure your Ubuntu machine to use a proxy.
Interested in setting up this application on a different OS? You may want to check out how to install Squid on CentOS 7.
How to Change the Default Listening Port for a Squid Proxy | Liquid …
Reading Time: 2 minutes
Squid is a caching and forwarding web proxy. It is most often used in conjunction with a traditional LAMP stack (Linux, Apache, MySQL, PHP), and can be used to filter traffic on HTTP, FTP, and HTTPS, and increase the speed (thus lower the response time) for a web server via caching.
Pre-Flight Check
These instructions are intended specifically for changing the default listening port for a Squid Proxy.
In this case I’ll be working from a Liquid Web Core Managed CentOS 7 server, and I’ll be logged in as root.
Step #1: Check the Current Port
By default, Squid launches a session listening on port 3128.
Running the command:
netstat -plant
Should show something similar to:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0:::3128:::* LISTEN 6261/(squid-1)
Where:::3128 is the port on which Squid is listening.
Step #2: Find the Configuration File
Configuration file locations may vary. The config file should be called To find the config file use the following command:
locate
You should receive a result similar to:
/etc/squid/
Step #3: Configure a Single New Listening Port
For a refresher on editing files with vim see: New User Tutorial: Overview of the Vim Text Editor
Now, let’s edit the file found in the previous step:
vim /etc/squid/
Look for a section of the configuration file similar to:
# Squid normally listens to port 3128
_port 3128
Changing the port number is as easy as changing the number 3128. For example: to use port 1337 simply edit the file to include:
_port 1337
Exit and save the file, and then restart Squid:
systemctl restart squid
Now running the command:
tcp6 0 0:::1337:::* LISTEN 6261/(squid-1)
Where:::1337 is the port on which Squid is listening.
Related Articles:How to Monitor Your Server in WHMHow to Create and Clone a Repo in GitHub on Ubuntu 18. 04How to Solve the VSFTPD 500 OOPS ErrorSSL vs TLSCreate a MySQL User on Linux via Command LineHow to Upgrade PHP on WindowsAbout the Author: J. MaysAs a previous contributor, JMays shares his insight with our Knowledge Base center. In our Knowledge Base, you’ll be able to find how-to articles on Ubuntu, CentOS, Fedora and much more! Our Sales and Support teams are available 24 hours by phone or e-mail to assist. 1. 800. 580. 49851. 517. 322. 0434
Frequently Asked Questions about squid proxy ubuntu
How do I setup and install squid proxy server on Ubuntu?
Installing Squid Proxy on UbuntuStep 1: Refresh the Software Repositories. Ensure you’re working with the latest software version available. Launch a terminal window, and enter the following: sudo apt-get update.Step 2: Install Squid Package on Ubuntu. To install Squid, run the command: sudo apt-get install squid.Feb 15, 2019
How do I setup a squid proxy?
Install Proxy Server: Squid ProxyStep1: Update the server sudo yum update -y.Step 2: Configure EPEL repo. … Step 3: Install squid sudo yum -y install squid.Step 4: Start and enable squid server. … Step 5: Check the status of squid server. … Step 1: Install httpd-tools sudo yum -y install httpd-tools.More items…•Aug 11, 2018
What is Squid proxy used for?
Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic.
