In this blog post , We will learn to install and configure squid proxy Server on Ubuntu systems.
What is Squid Proxy Server?
- Squid is a caching and forwarding HTTP web proxy.
- It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic.
- Squid has extensive access controls which makes great server accelerator.
Why should I use Squid?
For Websites :
It helps in scaling applications without huge investment in hardware and development.
The most frequently accessed contents are cached by squid and serves to the end-users within fraction of seconds.
For Content delivery providers :
To help distribute the content and the streaming the media’s worldwide.
For Internet Service providers :
Squid helps ISP’s to save their bandwidth by caching the content and the users will see the content at faster speed as the more frequent content are already cached.
Installing Squid on Ubuntu
Squid package is available on the default Ubuntu repository.
Before installing the package , Update the APT package software repositories.
sudo apt-get update
Once the packages are updated , Lets go ahead and install squid on ubuntu.
sudo apt-get install squid -y
Once the squid package along with its dependencies are installed , We can start the squid service and enable it to start on system bootup.
sudo systemctl start squid
Check the status of the squid service using the below command.
sudo systemctl status squid
Enable the squid service to start automatically on system bootup.
sudo systemctl enable squid
The squid files are stored under the following directries.
The squid configuration file (squid.conf) is stored under /etc/squid folder.
The squid access log (access.log) is stored under /var/log/squid folder
The squid cache log (cache.log) is stored under /var/log/squid folder
Be default squid is configured to listen on port 3128.
Running Squid on Different Port
By default , squid proxy server runs on the port 3128.You can also change this port if required.
To setup a custom port for squid proxy server , Open /etc/squid/squid.conf
sudo nano /etc/squid/squid.conf
and change the http_port value with a new port.
Once modified , Save and close the file.We need to restart the squid service.
sudo systemctl restart squid
Now Run the below command and you can see that the squid service is running on the different port as you configured.
sudo netstat -nltp |grep squid
Allowing Traffic from Squid
Sometimes We may need to allow all the traffic on the squid proxy server , For that we need make configurations changes on the squid.
Open the /etc/squid/squid.conf file and then http_access
We need to uncomment http_access allow all and then comment http_access deny all , as shown below in the image.
Once done , Save and close the file and restart the squid proxy server for the changes to take effect.
Blocking Websites using Squid Proxy Server
Sometimes you may want to block certain websites / domains and restrict users from accessing it.
Lets see how to configure squid proxy server to block domains.
For example : We will block domains such as facebook.com and youtube.com
We need to edit /etc/squid/squid.conf file.
Open /etc/squid/squid.conf file and then add the below lines before http_access allow all line as shown below.
acl blocksite1 dstdomain www.facebook.com
acl blocksite2 dstdomain www.youtube.com
http_access deny blocksite1
http_access deny blocksite2
Save and close the file and then restart squid proxy server.
If you want to block many domain names , Then we can create a domain list and then configure the squid accordingly.
Go to /etc/squid folder , Create a file blockdomains.lst and then add the domain names (one domain name per line).
and then we have to add the below lines to /etc/squid/squid.conf file.
acl blocklist dstdomain "/etc/squid/blockdomains.lst"
http_access deny blocklist
Save and Close the file and then restart the squid proxy server.
Now that we have configured squid proxy as per the requirement.lets configure the end users (client) to use squid proxy server so that they wont be able to access certain domains as we configured.
Configuring Clients to use Squid proxy Server
To restrict the end users from access the certain domains from the company laptop / desktop , We need to configure the end users browser’s to use the proxy server.
To test whether the proxy server is working or not , Open the Firefox brower , Click Preferences and then search for network
Click Settings , Choose Manual proxy configuration and then Provide the Proxy server’s IP address and the Port number.
Once you have provided the required details , Click OK.
Now If the users accesses anything on the web, the traffic will go through the squid proxy server and restricts the users from accessing the certain domains as per the rule we configured in the proxy server.
The same settings should be configured on all the browsers installed on the system.
Lets go ahead and test whether the domains are blocked as per the squid configurations.
For testing , I have blocked domains such as facebook.com , twitter.com , reddit.com , youtube.com , Anything other than these websites I should be able to access.
Lets go to the browser and verify it.
From the above screenshots You can see that I am unable to access the domains and this is the expected behaviour.
Now If I access google.com which is not blacklisted in the squid proxy server , I should be able to access it.
We can modify the domains as per the requirement in the squid configuration.
If you wish to remove proxy for the end users , Go to browser’s network settings and then change the proxy settings to No proxy
We have successfully installed and configured squid proxy server on the ubuntu operating system.
Also we have learnt to configure squid proxy to block certain domains and allowed users to use the proxy servers.
Hope you find it helpful.
Please do check out my other articles.