Squid Proxy Server on Ubuntu 20.04
First, update your system packages. Note that for all the commands, I will be running them as root user
Check the system first
sudo apt update
sudo apt upgrade
Next, install Squid proxy on Ubuntu 20.04. Installing Squid is easy because it is already available in the Ubuntu 20.04 repositories. Confirm this with the command below.
sudo apt-cache policy squid
To install Squid proxy, run the commands below. They also enable it to start on system boot and then check its status.
sudo apt-get install -y squid
sudo systemctl start squid
sudo systemctl enable squid
sudo systemctl status squid
Configuring Squid server
The Squid configuration is located in /etc/squid/squid.conf and the /etc/squid/conf.d/ directory. Let us edit /etc/squid/squid.conf using a text editor. First make a backup of the original file with the cp command so that we can go back if something goes wrong:
sudo cp -v /etc/squid/squid.conf{,.factory}
or
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.orig
Now make your custom settings in /etc/squid/squid.conf. Open the file with your preferred editor:
sudo vim /etc/squid/squid.conf
1. Change squid port and listening IP address
By default, Squid listens on all IP addresses on all interfaces. The default port is TCP 3128. To alter this, open the squid.conf file and look for the http_port line. Change it to your desired port number and save the file.
#http_port 3128
http_port 8080
http_access deny all
This line won’t let anybody access the HTTP proxy server, which is why you need to change it to http_access allow all to start using your Squid proxy server.
sudo systemctl restart squid
Make sure to allow the port through the firewall
sudo ufw allow 8080/tcp
sudo ufw enable
2. Set Squid cache memory size
To set your desired cache memory, use the setting below. For my case, I am using 256 MB
cache_mem 256 MB
3. Specify DNS name-servers to use
To define your own DNS servers, use the directive as shown
dns_nameservers 8.8.8.8 8.8.4.4
4. Squid ACL and http_access
Now edit squid.conf to add rules of your choice. A proxy server is selective about what goes through it. We can allow access from specific networks or IP addresses and deny others. It can also be used to filter traffic by restricting access to certain sites or by blocking content based on certain keywords. This is achieved with ACLs (Access Control Lists), which define what is allowed and what is denied. http_access rules then allow or deny requests based on an ACL.
Let’s define ACLs for the Squid proxy server. Allow the LAN network through the Squid proxy server:
acl localnet src 192.168.242.0/24
5. Deny access to specific websites
When dealing with a number of websites, it is easier and more organized to put all the sites in a file and then reference it; otherwise you would have to list the sites in the acl rule. Let's create a file called blacklisted_sites.acl in the squid directory.
sudo touch /etc/squid/blacklisted_sites.acl
Add the sites that you wish to deny access to. For my case, I am using facebook and youtube. Save the file afterwards.
. twiter.com
Now open squid.conf, create an acl rule for the denied sites, add a deny rule and then save the file
acl bad_urls dstdomain "/etc/squid/blacklisted_sites.acl"
http_access deny bad_urls
sudo systemctl restart squid
6. Block traffic based on some keywords
To block a list of keywords, first create a file called “blockkeywords.lst” that will store the blacklisted keywords.
sudo touch /etc/squid/blockkeywords.lst
Now add the keywords that you wish to block
facebook
instagram
gmail
Now open Squid’s configuration file and add the following rules
acl blockkeywordlist url_regex "/etc/squid/blockkeywords.lst"
http_access deny blockkeywordlist
sudo systemctl restart squid
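The rules from steps 1, 4, 5 and 6 put together in one place, as an added example that is not part of the original tutorial. Squid checks http_access lines from top to bottom and stops at the first match, so the deny rules are placed before the allow, and the allow is limited to the localnet ACL so that hosts outside the LAN cannot use the proxy.

```conf
# /etc/squid/squid.conf access-control section (constructed example).
# The port, ACL names, network and file paths are the ones used in this
# tutorial; adjust them to your own environment.

http_port 8080

acl localnet src 192.168.242.0/24
acl bad_urls dstdomain "/etc/squid/blacklisted_sites.acl"
acl blockkeywordlist url_regex "/etc/squid/blockkeywords.lst"

# Squid evaluates http_access lines top to bottom and stops at the first
# match, so deny rules must come before the allow they are meant to limit.
http_access deny bad_urls
http_access deny blockkeywordlist

# Only clients in the LAN range may use the proxy.
http_access allow localnet

# Everything else is refused. Keep this as the last http_access line.
http_access deny all

# Weak variant, shown for comparison only:
#   http_access allow all
#   http_access deny bad_urls
# The first line matches every request, so the deny lines below it are
# never reached, and any host that can reach port 8080 can relay traffic
# through the proxy.
```

Running `sudo squid -k parse` before the restart reports syntax errors in the file. The firewall rule can be narrowed to the same network with `sudo ufw allow from 192.168.242.0/24 to any port 8080 proto tcp`.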
7. Configure Client to Use Squid Proxy
Now test whether your proxy server is working.
You can also do the following:
· Block file extensions
· Allow internet access only between 9:00AM and 18:00 during weekdays