Having a proxy on your system can increase traffic control and internet access. So today we will talk about how to install and configure Squid proxy on Ubuntu 20.04.
What is Squid Proxy?
According to the tool’s website:
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and Reusing frequently requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.
As you can imagine, Squid is used by many Internet providers as well as sysadmin who need to control access to the Internet from the LAN.
So in many circumstances, using Squid on a server can yield great results.
Install Squid Proxy on Ubuntu 20.04
The Squid installation process is easy because the package is present in the official repositories of the distribution. So, we have to connect to our server via SSH and update it
sudo apt update
sudo apt upgrade Thereafter, install Squid Proxy by running
sudo apt install squid This is enough to have our Squid installed on the system.
Squid works as a system service. To check that it is working properly, you have to run.
sudo systemctl status squid Moreover, you can stop it, initialize it or restart it with these commands
sudo systemctl stop squid
sudo systemctl start squid
sudo systemctl restart squid It’s that simple. Now it’s time to configure it.
Configure Squid Proxy on Ubuntu 20.04
The default configuration file is /etc/squid/squid.conf which contains many default rules that many may find sufficient. Before editing it, make a backup of it.
sudo cp /etc/squid/squid/squid.conf /etc/squid/squid.conf.bak Now edit it
sudo nano /etc/squid/squid.conf In this file, you can make many important settings. Today, I will show you some of the most critical ones.
First, you can change the default port on which Squid listens for requests. To complete this, modify http_port and set the port.
http_port 8181 Since we have not specified a specific IP address, then Squid will listen on all network interfaces.
Furthermore, you can adjust the amount of cache memory Squid will use. In this case, cache_mem is the directive to modify followed by the value you want. For example:
cache_mem 512 MB Another thing you can define in this file is the DNS server to use. In this case, the dns_nameservers directive is the one to modify.
dns_nameservers 1.1.1.1.1 8.8.8.8.8 As you can notice, I have defined two DNS servers.
Set the clients that can use Squid
Squid has the ACL (access control List) that establishes which clients on the network you can use Squid as a proxy. To do this inside the mentioned configuration file, you need to add an entry with this syntax:
acl [aclname] [acltype] [arguments] For example, if we want to allow access to the IP address 192.168.1.10 of our network, it would be something like this
acl lan src 192.168.1.10 Then use http_access to allow access to the network.
http_access allow lan But what happens if it is to the whole network or subnet? Well, the ACL will look like this
acl alllan src 192.168.1.0/24
In the same way, add in http_access
http_access allow alllan But if it is not the entire network but some addresses, it is convenient to define them in a separate file and then assign them to the configuration.
Create the file
sudo nano /etc/squid/allowed.txt
And add all the IP addresses you want, one in each line.
Now add the ACL as follows
acl allowed src "/etc/squid/allowed.txt" Do not forget the http_access.
http_access allow allowed Just like that.
Deny access to unwanted websites with Squid
This is one of the most acclaimed Squid utilities because this is where we will decide which websites to deny access to.
So, create a file where we will define each of the sites.
sudo nano /etc/squid/denied.squid For example:
.facebook.com
.twitter.com
.youtube.com
.deezer.com And so on as many as you want.
Save the changes and close the editor.
Now in the configuration file add
acl denied dstdomain "/etc/squid/denied.squid"Do not forget also
http_access deny denied Save the changes and close the editor.
Another useful way to limit access to websites is to do it through Keywords.
So, create a file with the keywords you want to filter.
sudo nano /etc/squid/key.squid And add them in each line. For example:
sex
alcohol Save the changes and close the editor.
Now in the settings file add the following
acl key url_regex -i "/etc/squid/key.squid" And the restriction
http_access deny key Save the changes and close the editor,
To apply all changes, restart Squid
sudo systemctl restart squid Now it remains that on each allowed client, you configure the network to use Squid. This can be done at the system level or from the web browser of each of them.
Conclusion
Squid is an essential tool in servers to control the network and its usage. Thanks to this, you have learned how to install and configure it on an Ubuntu 20.04 server, so you can use it in your projects.
Help us to grow and share this post.
thank you for the information