Wednesday, 16 September 2020

Squid Proxy Server on Ubuntu 20.04


First, update your system packages. Note that I will be running all the commands as the root user.

Check the system first

sudo apt update

sudo apt upgrade

Next, install Squid proxy on Ubuntu 20.04. Installing Squid is easy because it is already available in the Ubuntu 20.04 repositories. Confirm this with the command below.

sudo apt-cache policy squid


To install Squid proxy, run the commands below. They also start the service, enable it to start on system boot, and then check its status.

sudo apt-get install -y squid

sudo systemctl start squid

sudo systemctl enable squid

sudo systemctl status squid



Configuring Squid server

The Squid configuration lives in the file /etc/squid/squid.conf and the directory /etc/squid/conf.d/. Let us edit /etc/squid/squid.conf using a text editor. First make a backup of the original file with the cp command so that we can go back if something goes wrong:

sudo cp -v /etc/squid/squid.conf{,.factory}

or

sudo cp /etc/squid/squid.conf  /etc/squid/squid.conf.orig






Now, make your custom settings in /etc/squid/squid.conf. Open the file with your preferred editor.

sudo vim /etc/squid/squid.conf

 

1.   Change squid port and listening IP address

By default, Squid listens on all IP addresses on all interfaces. The default port is TCP 3128. To alter this, open the squid.conf file and look for the http_port line. Change it to your desired port number and save the file.

#http_port 3128

http_port 8080


http_access deny all

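The http_access deny all line stops anybody from accessing the HTTP proxy server, which is why you need to change it to http_access allow all to start using your Squid proxy server. Keep in mind that http_access allow all lets every client that can reach the port use the proxy, so on anything other than an isolated test network allow only the localnet ACL defined in step 4 and keep http_access deny all as the final rule.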


sudo systemctl restart squid

 

Make sure to allow the port through the firewall

sudo ufw allow 8080/tcp

sudo ufw enable

2.    Set Squid cache memory size

To set your desired cache memory, use the setting below. In my case, I am using 256 MB.

cache_mem 256 MB


3.   Specify DNS name-servers to use

To define your own DNS servers, use the dns_nameservers directive as shown

dns_nameservers 8.8.8.8 8.8.4.4


4.    Squid ACL and http_access

Now, edit squid.conf to add rules of your choice. A proxy server is selective about what goes through it. We can allow access from specific networks or IP addresses and deny others. It can also be used to filter traffic by restricting access to certain sites or by blocking content based on certain keywords. This is achieved with ACLs (Access Control Lists), which define what a rule matches. An http_access line then allows or denies a request based on an ACL.

Let’s define ACLs for the Squid proxy server. Allow the LAN network through the Squid proxy server:

acl localnet src 192.168.242.0/24


sudo systemctl restart squid

 

5.   Deny access to specific websites

When dealing with a number of websites, it is easier and more organized to put all the sites in a file and then reference it; otherwise you would have to list the sites in the acl rule itself. Let's create a file called blacklisted_sites.acl in the squid directory.

sudo touch /etc/squid/blacklisted_sites.acl

Add the sites that you wish to deny access to, one per line. In my case, I am using Facebook and YouTube. Save the file afterwards.

.facebook.com

.youtube.com

.twitter.com


Now open squid.conf, create an acl rule for the denied sites, add a deny rule for it above the http_access allow line (Squid applies the first http_access rule that matches), and then save the file.

acl bad_urls dstdomain "/etc/squid/blacklisted_sites.acl"

http_access deny bad_urls

 

sudo systemctl restart squid

6.   Block traffic based on keywords

To block a list of keywords, first create a file called “blockkeywords.lst” that will store the blacklisted keywords in it.

sudo touch /etc/squid/blockkeywords.lst

Now add the keywords that you wish to block, one per line

facebook

instagram

gmail



 

Now open Squid’s configuration file and add the following rules

acl blockkeywordlist url_regex "/etc/squid/blockkeywords.lst"

http_access deny blockkeywordlist

sudo systemctl restart squid
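
Squid reads http_access lines top to bottom and stops at the first one that matches, so a deny rule from step 5 or 6 that ends up below http_access allow all never takes effect. The script below is an added example, not part of the original post: it flags a catch-all allow and any rule placed after a catch-all. The function name audit_http_access and both sample configurations are constructed for illustration.

```python
"""Audit http_access ordering in a squid.conf (added example, not from the post)."""

# Constructed sample: the page's directives in the order a reader gets by
# changing "deny all" to "allow all" (step 1) and appending step 5 afterwards.
SAMPLE_CONF = """\
http_port 8080
acl localnet src 192.168.242.0/24
http_access allow all
acl bad_urls dstdomain "/etc/squid/blacklisted_sites.acl"
http_access deny bad_urls
"""

# Constructed corrected layout: specific denies, then the LAN, then deny all.
FIXED_CONF = """\
http_port 8080
acl localnet src 192.168.242.0/24
acl bad_urls dstdomain "/etc/squid/blacklisted_sites.acl"
http_access deny bad_urls
http_access allow localnet
http_access deny all
"""


def audit_http_access(conf_text):
    """Return (line_number, message) findings; the function name is hypothetical."""
    findings = []
    catch_all_line = None  # line number of the first rule that matches everything
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        parts = raw.split()
        if len(parts) < 3 or parts[0] != "http_access":
            continue  # comments, blank lines and other directives
        action, acl_names = parts[1], parts[2:]
        if catch_all_line is not None:
            # First match wins, so nothing below a catch-all is ever evaluated.
            findings.append((number, f"unreachable after line {catch_all_line}"))
        elif acl_names == ["all"]:
            catch_all_line = number
            if action == "allow":
                findings.append((number, "open proxy: allows every client"))
    return findings


if __name__ == "__main__":
    for label, conf in (("sample", SAMPLE_CONF), ("fixed", FIXED_CONF)):
        print(label, audit_http_access(conf) or "no findings")
```

To check a live configuration, pass the text of /etc/squid/squid.conf to audit_http_access instead of the sample strings.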

 

7.   Configure Client to Use Squid Proxy

Now test whether your proxy server is working


 



 

You can also do the following:

·         Block file extensions

·         Allow internet access only between 9:00AM and 18:00 during weekdays

 

 

 
