How to Install and Configure Squid Proxy on Ubuntu 20.04

Having a proxy on your system can increase traffic control and internet access. So today we will talk about how to install and configure Squid proxy on Ubuntu 20.04.

What is Squid Proxy?

According to the tool’s website:

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and Reusing frequently requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.

As you can imagine, Squid is used by many Internet providers as well as sysadmin who need to control access to the Internet from the LAN.

So in many circumstances, using Squid on a server can yield great results.

Install Squid Proxy on Ubuntu 20.04

The Squid installation process is easy because the package is present in the official repositories of the distribution. So, we have to connect to our server via SSH and update it

sudo apt update  
sudo apt upgrade  

Thereafter, install Squid Proxy by running

sudo apt install squid  

This is enough to have our Squid installed on the system.

Squid works as a system service. To check that it is working properly, you have to run.

sudo systemctl status squid  

Moreover, you can stop it, initialize it or restart it with these commands

sudo systemctl stop squid  
sudo systemctl start squid  
sudo systemctl restart squid 

It’s that simple. Now it’s time to configure it.

Configure Squid Proxy on Ubuntu 20.04

The default configuration file is /etc/squid/squid.conf which contains many default rules that many may find sufficient. Before editing it, make a backup of it.

sudo cp /etc/squid/squid/squid.conf /etc/squid/squid.conf.bak  

Now edit it

sudo nano /etc/squid/squid.conf  

In this file, you can make many important settings. Today, I will show you some of the most critical ones.

First, you can change the default port on which Squid listens for requests. To complete this, modify http_port and set the port.

http_port 8181  

Since we have not specified a specific IP address, then Squid will listen on all network interfaces.

Furthermore, you can adjust the amount of cache memory Squid will use. In this case, cache_mem is the directive to modify followed by the value you want. For example:

cache_mem 512 MB  

Another thing you can define in this file is the DNS server to use. In this case, the dns_nameservers directive is the one to modify.

dns_nameservers 1.1.1.1.1 8.8.8.8.8  

As you can notice, I have defined two DNS servers.

Set the clients that can use Squid

Squid has the ACL (access control List) that establishes which clients on the network you can use Squid as a proxy. To do this inside the mentioned configuration file, you need to add an entry with this syntax:

acl [aclname] [acltype] [arguments]  

For example, if we want to allow access to the IP address 192.168.1.10 of our network, it would be something like this

acl lan src 192.168.1.10  

Then use http_access to allow access to the network.

http_access allow lan  

But what happens if it is to the whole network or subnet? Well, the ACL will look like this

acl alllan src 192.168.1.0/24  

In the same way, add in http_access

http_access allow alllan  

But if it is not the entire network but some addresses, it is convenient to define them in a separate file and then assign them to the configuration.

Create the file

sudo nano /etc/squid/allowed.txt  

And add all the IP addresses you want, one in each line.

Now add the ACL as follows

acl allowed src "/etc/squid/allowed.txt"  

Do not forget the http_access.

http_access allow allowed  

Just like that.

Deny access to unwanted websites with Squid

This is one of the most acclaimed Squid utilities because this is where we will decide which websites to deny access to.

So, create a file where we will define each of the sites.

sudo nano /etc/squid/denied.squid  

For example:

.facebook.com  
.twitter.com  
.youtube.com  
.deezer.com  

And so on as many as you want.

Save the changes and close the editor.

Now in the configuration file add

acl denied dstdomain "/etc/squid/denied.squid"

Do not forget also

http_access deny denied  

Save the changes and close the editor.

Another useful way to limit access to websites is to do it through Keywords.

So, create a file with the keywords you want to filter.

sudo nano /etc/squid/key.squid  

And add them in each line. For example:

sex  
alcohol  

Save the changes and close the editor.

Now in the settings file add the following

acl key url_regex -i "/etc/squid/key.squid"  

And the restriction

http_access deny key  

Save the changes and close the editor,

To apply all changes, restart Squid

sudo systemctl restart squid  

Now it remains that on each allowed client, you configure the network to use Squid. This can be done at the system level or from the web browser of each of them.

Conclusion

Squid is an essential tool in servers to control the network and its usage. Thanks to this, you have learned how to install and configure it on an Ubuntu 20.04 server, so you can use it in your projects.

Help us to grow and share this post.

Squid Proxy documentation

Share This:

Leave a Comment

Your email address will not be published. Required fields are marked *