Squid is a proxy server that can be used to improve network performance and security. It can be used to cache web pages and images, allowing your users to access these files more quickly. Squid can also be used to protect your network from malicious content.

If you’re an experienced system administrator, you know that a proxy server can be a valuable tool for optimizing your network.

In this blog post, we’ll show you how to install a proxy server on Ubuntu using the Squid proxy server.

How to install Squid on Ubuntu and Debian

To install Squid on Ubuntu and Debian, use the following commands:

sudo apt update  
sudo apt install squid3  

The Squid proxy server will be installed on your Ubuntu system.

You can verify the service status by running the following command:

sudo systemctl status squid3  

Output
● squid.service - Squid Web Proxy Server
     Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-06-17 11:13:54 IST; 45s ago
       Docs: man:squid(8)
    Process: 2267 ExecStartPre=/usr/sbin/squid --foreground -z (code=exited, status=0/SUCCESS)
   Main PID: 2270 (squid)
      Tasks: 4 (limit: 2271)
     Memory: 15.7M
        CPU: 187ms
     CGroup: /system.slice/squid.service
             ├─2270 /usr/sbin/squid --foreground -sYC
             ├─2272 "(squid-1)" --kid squid-1 --foreground -sYC
             ├─2273 "(logfile-daemon)" /var/log/squid/access.log
             └─2274 "(pinger)"

Jun 17 11:13:54 tecadmin squid[2272]: Using Least Load store dir selection
Jun 17 11:13:54 tecadmin squid[2272]: Set Current Directory to /var/spool/squid
Jun 17 11:13:54 tecadmin squid[2272]: Finished loading MIME types and icons.
Jun 17 11:13:54 tecadmin squid[2272]: HTCP Disabled.
Jun 17 11:13:54 tecadmin squid[2272]: Pinger socket opened on FD 14
Jun 17 11:13:54 tecadmin squid[2272]: Squid plugin modules loaded: 0
Jun 17 11:13:54 tecadmin squid[2272]: Adaptation support is off.
Jun 17 11:13:54 tecadmin squid[2272]: Accepting HTTP Socket connections at conn3 local=[::]:3128 remote=[::] FD 12 flags=9

After you have installed Squid, you will need to configure it to meet your needs. The default configuration should be suitable for most users, but you may need to make some changes depending on your specific needs.

How to Configure Squid Proxy Server

The main Squid configuration file is located at /etc/squid3/squid.conf. This file contains all of the settings for Squid. You can edit this file to change the configuration of Squid.

Configure Port

To configure the Squid port, you’ll need to edit the squid.conf file. This file is located in the /etc/squid directory on most Linux systems. Once you’ve opened the file in a text editor, you’ll need to locate the following line:

http_port 3128

If you need to change the Squid port, you can simply edit this line and enter the new port number. For example, if you want to use port 8080, you would enter:

http_port 8080



Once you’ve made the change, save the file and restart Squid.

Note: You can also configure Squid as transparrent proxy server by adding transparent keyword with the port like http_port 8080 transparent .

Configuring Firewall Rules

In order to use Squid, you will need to enable it in the Ubuntu firewall. You can do this by running the following command:

• UFW Users:

  sudo ufw allow 8080 
  

• FirewallD Users:

  sudo firewall-cmd --permanent --zone=public --add-port=3128/tcp 
  sudo firewall-cmd –reload 
  

This command will allow traffic on port 8080, which is the port that Squid listens on.

Configure Proxy Authentication in Squid

You can also insist users to authenticate proxy to use. This helps you to prevent unauthorized access to the proxy server. This forces users to authenticate to use the proxy.

• First, install apache2-utils package, that provides htpasswd command.

  sudo apt-get install apache2-utils -y  
  

• Create a new file to contain username and password. Also change ownership to the Squid user proxy:

  sudo touch /etc/squid/secure_passwd 
  sudo chown proxy: /etc/squid/secure_passwd 
  

• Create a new user with following commnad:

  sudo htpasswd /etc/squid/secure_passwd tecadmin 
  

  The system will prompt you to enter and confirm a password for “tecadmin” user.

• Edit the /etc/squid/squid.conf file, and add the following configuration:

  auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/secure_passwd
  auth_param basic children 5
  auth_param basic realm Squid Basic Authentication
  auth_param basic credentialsttl 2 hours
  acl auth_users proxy_auth REQUIRED
  http_access allow auth_users
  

• Restart Squid service.

Create ACL to Block Websites

You can block any website by its domain name. To do the following:

• Create a new file /etc/squid/blocked_websites.acl and edit in a text editor. You can choose any name of your choice.

  sudo nano /etc/squid/blocked_websites.acl 
  

• In this file, add the domain names one per line to be blocked. You can start the domain name with a dot (.) to blcok subdomains as well.

  .yahoo.com
  .facebook.com
  

• Edit the /etc/squid/squid.conf file again.

  sudo nano /etc/squid/squid.conf 
  

• Add the following lines just before the ACL list.

  acl blocked_websites dstdomain “/etc/squid/blocked.acl”
  http_access deny blocked_websites
  

  Save changes and restart Squid service.

Conclusion

In this article, we will go over the steps on how to install a Squid proxy server on an Ubuntu server. We will also cover some basic configurations that can be made to Squid once it is installed. By the end of this article, you should have a working installation of the Squid proxy server on your Ubuntu server.

The post How to Setup Squid Proxy Server on Ubuntu and Debian appeared first on TecAdmin.

This article will help you to set up Squid Proxy Server on Ubuntu 18.10, 18.04 LTS, 16.04 LTS, and 14.04 LTS systems.

Step 1 – Install Package

Squid packages are available in default yum repositories. Execute the below command on your server to install the SQUID proxy server.

sudo apt update
sudo apt install squid

Step 2 – Configure Squid Port

The default port for the Squid proxy servers is 3128. You can change this as per the requirements. To set up Squid on different port, Edit squid configuration file and change http_port value with new port.

 http_port 3128

After making changes let’s restart the Squid service to reload the configuration changes

sudo service squid restart

The next steps will help you to set up Squid Proxy Server on Ubuntu systems. Use only those settings, which is required for your proxy server.

Step 3 – Allow All Traffic

Sometimes you are required to allow all traffic on your proxy server. In Squid server open Squid configuration file. Comment the http_access deny all line and add the http_access allow all entry this file.

 http_access allow all
 #http_access deny all

Step 4 – Block Specific Website with Squid

Let’s start with the additional configuration like blocking any website using a squid proxy server. Add below rules to block specific websites before any allow all rules. The below example will block yahoo.com and www.rediff.com.

acl blocksite1 dstdomain yahoo.com
acl blocksite2 dstdomain www.rediff.com
http_access deny blocksite1
http_access deny blocksite2

If you have a long list of domain names, Create a file /etc/squid/blockwebsites.lst and put domain names one per line and add the below rule in the squid configuration file.

acl blocksitelist dstdomain "/etc/squid/blockwebsites.lst"
http_access deny blocksitelist

blockwebsites.lst file content example:

cat /etc/squid/blockwebsites.lst

yahoo.com
www.rediff.com

Step 5 – Block Specific Keyword with Squid

Add below rules to block specific websites before any allow all rules. The below example will block all pages having the keyword yahoo or Gmail.

acl blockkeyword1 url_regex yahoo
acl blockkeyword2 url_regex gmail
http_access deny blockkeyword1
http_access deny blockkeyword2

If you have a long list of keywords, Create a file /etc/squid/blockkeywords.lst and put keywords one per line and add the below rule in the squid configuration file.

acl blockkeywordlist url_regex "/etc/squid/blockkeywords.lst"
http_access deny blockkeywordlist

blockkeywords.lst file content example:

cat /etc/squid/blockkeywords.lst

yahoo
gmail
facebook

Congratulation’s you have successfully install and configured Squid proxy server. Read next article to Configure Squid for Mac Address Based Filtering.

The post How to Setup Squid Proxy Server on Ubuntu 18.04 & 16.04 appeared first on TecAdmin.

Step 1 – Install Squid on Debian 8

Login to your Debian 8 system using root or sudo privileges user. Then run the following commands on the console to install Squid on Debian 8 system from the default package repository.

sudo apt update
sudo apt install squid

Step 2 – Configure Squid Port

Squid default runs on port 3128. It is your choice to keep running squid on default port or change it to some different port. To change port edit squid configuration file and changehttp_port value.

/etc/squid/squid.conf

http_port 3128

After making changing let’s restart Squid service to reload the configuration changes

sudo service squid restart

Step 3 – Allow All Traffic

Assuming you need a proxy server open to all, Then you need to allow all traffic on your proxy server. Edit the Squid configuration file and Comment the http_access deny all line. Then add the http_access allow all entry this file.

 http_access allow all
 #http_access deny all

Step 4 – Block Specific Website with Squid

Here you want to block some specific websites through the proxy server. Then add the following rules to block specific website just before the allow all rule. Below example will block yahoo.com and www.rediff.com.

acl blocksite1 dstdomain yahoo.com
acl blocksite2 dstdomain www.rediff.com
http_access deny blocksite1
http_access deny blocksite2

If you have a large number of domain names, then create a file /etc/squid/blockwebsites.lst and put domain names one per line and add below rule in the squid configuration file.

acl blocksitelist dstdomain "/etc/squid/blockwebsites.lst"
http_access deny blocksitelist

blockwebsites.lst file content example:

cat /etc/squid/blockwebsites.lst

yahoo.com
www.rediff.com

Step 5 – Block Specific Keyword with Squid

You can also block websites for specific keywords. Add the following rules just before the allow all rule. Below is the example of blocking all pages having keyword yahoo or Gmail.

acl blockkeyword1 url_regex yahoo
acl blockkeyword2 url_regex gmail
http_access deny blockkeyword1
http_access deny blockkeyword2

If you have a large number of keywords to block then create a file /etc/squid/blockkeywords.lst and put keywords one per line and add below rule in the squid configuration file.

acl blockkeywordlist url_regex "/etc/squid/blockkeywords.lst"
http_access deny blockkeywordlist

blockkeywords.lst file content example:

cat /etc/squid/blockkeywords.lst 

yahoo
gmail
facebook

Congratulation’s you have successfully install and configured Squid proxy server. Read next article to Configure Squid for Mac Address Based Filtering.

The post How to install and configure Squid Proxy on Debian 8 appeared first on TecAdmin.

If you do not have Squid installed, Go to below link for installing squid on CentOS/RHEL/Fedora systems.

Install and Configure SQUID Proxy Server on CentOS/RHEL Linux

ACL rules are need to add in squid configuration file /etc/squid/squid.conf. Remember that squid Squid always applied first matching rules from top to down order and ignore other after matching any rule

1. Block All Sites For Single MAC Address

Following configuration will block all the sites to the system having MAC address 01:23:45:AB:CD:EF.

Squid ACL Rule:

acl pcmac1 arp 01:23:45:AB:CD:EF
http_access deny pcmac1

2. Block Single Site for Single MAC Address

Following configuration will block www.example.com site to the system having MAC address 01:23:45:AB:CD:EF.

Squid ACL Rule:

acl blocksite1 dstdomain www.example.com
acl pcmac1 arp 01:23:45:AB:CD:EF
http_access deny blocksite1 pcmac1

3. Block All Sites for Multiple MAC Addresses

Following configuration will block all the sites to systems having MAC addresses 01:23:45:AB:CD:EF and AB:CD:EF:01:23:45.

MAC Addresses List

cat /etc/squid/mac-addrs.lst

01:23:45:AB:CD:EF
AB:CD:EF:01:23:45

Squid ACL Rule:

acl pcmacs arp "/etc/squid/mac-addrs.lst"
http_access deny pcmacs

4. Block Single Site for Multiple MAC Addresses

Following configuration will block www.example.com to systems having MAC addresses 01:23:45:AB:CD:EF and AB:CD:EF:01:23:45.

MAC Addresses List

cat /etc/squid/mac-addrs.lst

01:23:45:AB:CD:EF
AB:CD:EF:01:23:45

Squid ACL Rule:

acl blocksite1 dstdomain www.example.com
acl pcmacs arp "/etc/squid/mac-addrs.lst"
http_access deny blocksite1 pcmacs

5. Allow Specific Site for Single MAC Address

Following configuration will allow www.example.com to system having MAC address 01:23:45:AB:CD:EF and deny other sites.
Squid ACL Rule:

acl pcmac1 arp 01:23:45:AB:CD:EF
acl allowsite1 dstdomain www.example.in
http_access allow allowsite1 pcmac1
http_access deny pcmac1

6. Allow Multiple Sites for Single MAC Address

Following configuration will allow all sites added in /etc/squid/allowsites.lst to a system having MAC address 01:23:45:AB:CD:EF and deny other sites.

Allowed Sites List

cat /etc/squid/allowsites.lst

www.google.co.in
yahoo.com
in.yahoo.com

Squid ACL Rule:

acl pcmac1 arp 01:23:45:AB:CD:EF
acl allowsite1 dstdomain "/etc/squid/allowsites.lst"
http_access allow allowsite1 pcmac1
http_access deny pcmac1

7. Allow Specific Site for Multiple MAC Addresses

Following configuration will allow www.example.com to systems having MAC address 01:23:45:AB:CD:EF and AB:CD:EF:01:23:45 and deny other sites.

MAC Addresses List

cat /etc/squid/mac-addrs.lst

01:23:45:AB:CD:EF
AB:CD:EF:01:23:45

Squid ACL Rule:

acl blocksite1 dstdomain www.example.com
acl pcmacs arp "/etc/squid/mac-addrs.lst"
http_access allow blocksite1 pcmacs
http_access deny pcmacs

8. Allow Multiple Sites for Multiple MAC Addresses

Following configuration will allow all the sites listed in /etc/squid/allowsites.lst to all systems having MAC address listed in /etc/squid/mac-addrs.lst and deny other sites.

MAC Addresses List

cat /etc/squid/mac-addrs.lst

01:23:45:AB:CD:EF
AB:CD:EF:01:23:45

Allowed Sites List

cat /etc/squid/allowsites.lst

www.google.co.in
yahoo.com
in.yahoo.com

Squid ACL Rule:

acl pcmacs arp "/etc/squid/mac-addrs.lst"
acl allowsites dstdomain "/etc/squid/allowsites.lst"
http_access allow allowsites pcmacs
http_access deny pcmacs

The post Configure Squid Proxy Server Mac Address Based Filtering appeared first on TecAdmin.

This article will help you to Install and Configure SQUID Proxy Server on CentOS, Redhat and Fedora Linux systems.

Step 1 – Install Squid

Squid packages are available in default yum repositories. Execute below command on your server to install SQUID proxy server.

sudo yum install squid       # On CentOS/RedHat Systems 
sudo dnf install squid       # On Fedora Systems 

Step 2 – Change Squid Port (optional)

Squid default runs on port 3128. If you want to start squid on different port, Edit squid configuration file and change http_port value. For example we are changing squid to run on port 8080.

/etc/squid/squid.conf

http_port 8080

After making changing let’s restart Squid service to reload the configuration changes

service squid restart

Step 3 – Block Specific Website with Squid

Let’s start with the additional configuration like blocking any website using squid proxy server. Add below rules to block specific website before any allow all rules. Below example will block yahoo.com and www.rediff.com.

acl blocksite1 dstdomain yahoo.com
acl blocksite2 dstdomain www.rediff.com
http_access deny blocksite1
http_access deny blocksite2

If you have a long list of domain names, Create a file /etc/squid/blockwebsites.lst and put domain names one per line and add below rule in squid configuration file.

acl blocksitelist dstdomain "/etc/squid/blockwebsites.lst"
http_access deny blocksitelist

blockwebsites.lst file content example:

# cat /etc/squid/blockwebsites.lst

yahoo.com
www.rediff.com

Step 4 – Block Specific Keyword with Squid

Add below rules to block specific website before any allow all rules. Below example will block all pages having keyword yahoo or Gmail.

acl blockkeyword1 url_regex yahoo
acl blockkeyword2 url_regex gmail
http_access deny blockkeyword1
http_access deny blockkeyword2

If you have a long list of keywords, Create a file /etc/squid/blockkeywords.lst and put keywords one per line and add below rule in the squid configuration file.

acl blockkeywordlist url_regex "/etc/squid/blockkeywords.lst"
http_access deny blockkeywordlist

blockkeywords.lst file content example:

# cat /etc/squid/blockkeywords.lst

yahoo
gmail
facebook

Congratulation’s you have successfully install and configured Squid proxy server. Read next article to Configure Squid for Mac Address Based Filtering.

The post How to Install Squid Proxy Server on CentOS/RHEL 7/6 & Fedora 30/29/28 appeared first on TecAdmin.