Install and Setup Squid Proxy on Ubuntu

Linux Topic

December 20, 2022 by Ashley

Install and Setup Squid Proxy on Ubuntu

Squid Proxy is an open-source Unix-based proxy server that caches internet content closer to a requestor than its original point of origin. As the most popular proxy caching server, it will increase your response time and reduces bandwidth congestion because it caches frequently requested Web pages, media files, and other content. Squid Cache Server installation must be managed by trained technicians. So, to be an expert in this, join this article to learn How to Install and Setup Squid Proxy on Ubuntu to Secure Connection.

Prerequisites to Install Squid Proxy on Ubuntu

To let this tutorial work correctly, cover the below considerations.

  • A system running Ubuntu.
  • Access to a terminal window/command line (Ctrl-Alt-T)
  • A non-root user with sudo privileges.
  • A text editor.

Tutorial Install and Setup Squid Proxy on Ubuntu

Squid is a useful security tool that can cache HTTP and FTP files, among many other types of Web content, and sends the client’s request to the server and saves a copy of the requested objects. Previously, you have learned all about Proxy. Squid Proxy is used to route an individual suer’s outbound traffic. It also acts as a DNS server to resolve hostnames with its internal DNS client. Using Squid helps you to block unwelcome visitors from entering your network and prevent dangerous websites from harming users. According to the authentication options of Squid, you can select which users are authorized to use the proxy’s resources. Since squid can function as a proxy server, it would grant or deny users access to the internet.

Let’s go through this article and review the required steps to install and setup Squid Proxy on Ubuntu. Firstly, we start with installing squid.

Install Squid Proxy on Ubuntu

By default, the squid package is included in Ubuntu. To update your package listing, and install Squid Proxy, run the command below as sudo user.

sudo apt update
sudo apt install squid

The Squid service will start automatically when the installation process is ended. Use the following command to check if the service is running correctly:

sudo systemctl status squid

The output will look something like this:

squid.service - squid web proxy server
      Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled)
      Active: active (running) since Fri 2022-12-22 10:10:10 UTC; 10min 10s ago

Configure Squid Proxy on Ubuntu

Now, you are ready to configure Squid. To do this, you can edit the /etc/squid/squid.conf file. But you are highly recommended to back up the original configuration file and then make changes. So, run:

sudo cp /etc/squid/squid.conf{,.orginal}

Next, configure your squid instance by editing the file with your favorite text editor. Here, we use nano.

sudo nano /etc/squid/squid.conf

The squid is set to listen on port 3128 on all network interfaces on the server by default. But you can change the port and set another listening interface. To do this, change the locate line starting with http-port and specify the interface IP address and the new port. Squid will listen on all interfaces if no interface is specified.

/etc/squid/squid.conf

# Squid normally listens to port 3128
http_port IP_ADDR:PORT

If you create an ACL (Access Control List) including allowed IPs, you can restrict access to the proxy server when all the clients have a static IP address. Or the squid must be set to use authentication. You can improve your knowledge if you need to read more about IP and its types.

Create a new dedicated file to hold the allowed IPs (Instead of adding the IP addresses).

/etc/squid/allowed_ips.txt

192.168.33.1
# All other allowed IPs

To create a new ACL named allowed-ips , open the main configuration and allow access to that ACL. To do this use the http-access directive.

Note: Since the order of the rules http-access matters, ensure adding the line before http_access deny all.

/etc/squid/squid.conf

# ...
acl allowed_ips src "/etc/squid/allowed_ips.txt"
# ...
#http_access allow localnet
http_access allow localhost
http_access allow allowed_ips
# And finally deny all other access to this proxy
http_access deny all

Once the making the changes are finished, restart the Squid service to let the changes take effect.

sudo systemctl restart squid

Then, save and close the file. Press Ctrl+X, Y, and Enter if you are using nano.

Secure and Authenticate Squid Proxy on Ubuntu

Squid supports Samba, LDAP, and HTTP basic auth. To use a back-end to authenticate users, configure squid. It is also useful when restricting access based on IP seems to not work. In the following, you can see how to use a simple authentication method built into the HTTP protocol and a basic auth.

Here, we use the openssl tool to generate a crypted password. To add the USERNAME:PASSWORD pair to the /etc/squid/htpasswd file:

printf "USERNAME:$(openssl passwd -crypt PASSWORD)\n" | sudo tee -a /etc/squid/htpasswd

Run a command like the one below to create a user ‘’opera’’ with the password ”P@sv0rD

printf "opera:$(openssl passwd -crypt ' P@sv0rD)\n" | sudo tee -a /etc/squid/htpasswd

To enable the HHTP basic authentication and include the file containing the user credentials to the squid configuration file, open the main configuration and add the below line:

sudo nano /etc/squid/squid.conf

/etc/squid/squid.conf

# ...
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/htpasswd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
# ...
#http_access allow localnet
http_access allow localhost
http_access allow authenticated
# And finally deny all other access to this proxy
http_access deny all

In this way, a new ACL named authenticated will be created, and accessing authenticated users will be allowed. Then, you can restart the Squid service.

sudo systemctl restart squid

Configure firewall

In this part, you will enable the UFW Squid profile to open the Squid ports:

sudo ufw allow 'Squid'

If Squid is running on a non-default port, you can allow traffic on that port. If we assume port 888:

sudo ufw allow 8888/tcp.

How to configure web browsers to use Squid Proxy

So far, you learned how to install and setup Squid Proxy on Ubuntu. Now, let’s see how to configure your favorite browser. Here, we will discuss Firefox and Google Chrome.

Firefox

To configure Firefox and use it, you just need to follow the below-required steps which are the same for Windows, macOS, and Linux.

  1. In the upper right-hand corner, click on the hamburger icon to open Firefox’s menu.
  2. Click on the ⚙ Preferences link.
  3. Scroll down to the Network Settings section and click on the Settings... button.

When a new Window is open, do the following steps:

  1. Select the Manual proxy configuration radio button.
  2. Enter your Squid server IP address in the HTTP Host field and 3128 in the Port field.
  3. Select the Use this proxy server for all protocols checkbox.
  4. Click on the OK button to save the settings.

After passing all the above steps, Firefox must be configured. So, you can browse the internet through the Squid proxy. To check if it is working properly, open google.com, type ‘’what is my ip’’ to see your Squid server IP address.

Anytime you preferred to revert to the default settings, go to Network Settings, select the Use system proxy settings radio button and save the settings.

Google Chrome

Since Google Chrome uses the default system proxy settings, you can use an addon such as SwitchyOmega or start Chrome web browser from the command line instead of changing your operating system proxy settings.

Run the command below to launch Chrome using a new profile and connect to the Squid server.

Linux:

/usr/bin/google-chrome \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="http://SQUID_IP:3128"

Windows:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^
    --user-data-dir="%USERPROFILE%\proxy-profile" ^
    --proxy-server="http://SQUID_IP:3128"

macOS:

"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
    --user-data-dir="$HOME/proxy-profile" \
    --proxy-server="http://SQUID_IP:3128"

Again, as you did for Firefox, open google.com, type ‘’what is my ip’’ to see your Squid server IP address and check if the proxy server is working correctly.

How to block a website on Squid Proxy?

Using Squid Proxy enables you to block the desired website. By adding some rules, you will be able to clock websites based on the URL, keyword, domain name, and extensions.

Firstly, create and edit a new text file /etc/squid/blocked.acl:

sudo nano /etc/squid/blocked.acl

You must add your considered websites to be blocked, starting with a dot (.facebook or .twitter) to let it block all subsites of the main site.

Then, open the /etc/squid/squid.conf file again:

sudo nano /etc/squid/squid.conf

Now, add the lines below just above your ACL list:

acl blocked_websites dstdomain “/etc/squid/blocked.acl”
http_access deny blocked_websites

Conclusion

In this article, you learned How to Install and Setup Squid Proxy on Ubuntu. Squid Proxy grants reports of visited websites that enable you to evaluate users’ browsing behavior and use them to scale, secure, and plan resources. If you follow the required steps of this guide properly, you can smoothly install and setup Squid Proxy on Ubuntu without any errors. However, our technical support team will try their best to solve your problems, if you encounter any problems.

Helpful

​ ​ ​ ​

About the Author Ashley

Leave a Reply

Your email address will not be published. Required fields are marked *