Squid is one of the most widely used proxy servers for controlling internet access from a local network and protecting that network from illegitimate traffic and attacks. It is placed between the client and the internet, and all requests from the client are routed through it. Squid works with a number of services, such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and other network protocols.
Besides serving as a proxy server, Squid is mostly used for caching frequently visited web pages from a web server. When a user requests a page from a web server, the request first goes through the proxy server, which checks whether the requested content is available in its cache. This reduces the server load and bandwidth usage and speeds up content delivery, thus improving the user’s experience.
Squid can also be used to become anonymous while surfing the internet. Through Squid proxying, we can access the restricted content of a particular country.
This guide shows how to install and configure the Squid proxy server on Debian 10 (Buster).
Prerequisites:
- “sudo” access to the system upon which Squid will be installed.
- Basic knowledge of Debian based Linux terminal commands.
- Basic knowledge of using a Proxy server.
Steps for Installing Squid on Debian 10 (Buster)
1) First, update the repository index and upgrade the installed packages on Debian 10 (Buster):
$ sudo apt update && sudo apt upgrade -y
2) Now install the Squid package with the following command:
The installation process is pretty straightforward. It will automatically install any required dependencies.
3) Now open the main configuration file of the Squid proxy server, located at /etc/squid/squid.conf.
Note: To stay safe, take a backup of this file before editing it.
4) To allow HTTP proxy server access for anyone, go to the line containing the string “http_access deny all” and change it to “http_access allow all”. If you are using the vi or vim editor, you can jump directly to this string using the forward-slash (/) search.
Now just remove the “#” symbol at the start of this string to uncomment the line.
For more precise control, we will allow only localhost and our local network (LAN) devices to use Squid. For this, we will change the squid.conf file as below:
“http_access deny localnet” to “http_access allow localnet”
“http_access deny localhost” to “http_access allow localhost”.
Now restart Squid service to apply changes.
5) Now go to the line specifying the “http_port” option. It sets the port number on which the Squid proxy server listens. The default port number is 3128. If for some reason, such as a port number conflict, you need a different port, you can change the port number to some other value as shown below:
6) You can also change the hostname of the Squid proxy server with the visible_hostname option. Restart the Squid service each time the configuration file is modified, using the following command:
7) Configuring Squid ACL
a) Define a rule to only allow a particular IP address to connect.
Go to the line containing the string “#acl localnet src” and uncomment it. If the line is not there, just add a new one. Now add the IP address you want to allow to access the Squid server. This is shown below:
Save the file and restart the squid server.
b) Define a rule to open a port for connection.
To open a port, uncomment the line “#acl Safe_ports port” and add a port number you want to allow:
Save the file and restart the squid server.
c) Use Squid Proxy to block access to specific websites.
To block access to certain websites using Squid, create a new file called blocked.acl in the same location as squid.conf.
Now specify websites you want to block by stating their address starting with a dot:
.youtube.com
.yahoo.com
Now again open the squid configuration file and look for the line “acl blocked_websites dstdomain”. Add the location of the file “blocked.acl” here as shown below:
Also add a line below this as:
Save the file and restart the squid server.
Similarly, we can create a new file to store the IP addresses of allowed clients that will use the Squid proxy.
Now specify IP addresses you want to allow and save the file. Now create a new acl line in the main config file and allow access to the acl using the http_access directive. These steps are shown below:
http_access allow allowedHosts
Save the file and restart the squid server.
Note: We can also add the IP addresses of allowed and denied clients in the main configuration file, as shown below:
acl myIP1 src 10.0.0.1  # example address (assumed)
acl myIP2 src 10.0.0.2
http_access allow myIP1
http_access allow myIP2
d) Changing squid port
The default port of Squid is 3128, which can be changed from squid.conf to any other value as shown below:
Save the file and restart the squid server.
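Squid evaluates http_access lines from top to bottom and stops at the first one that matches, so the position of the allow and deny lines from steps 4 and 7 relative to each other decides who can use the proxy and whether the website block takes effect. The following Python model is an added example, not part of the original guide or of Squid itself: it handles only src and dstdomain ACLs, lists the blocked domains inline instead of reading blocked.acl, and uses constructed sample configurations and addresses.

```python
import ipaddress

# Constructed sample configurations (not taken from the guide).
OPEN_PROXY = """\
acl localnet src 192.168.1.0/24
acl blocked_websites dstdomain .youtube.com .yahoo.com
http_access allow all
http_access deny blocked_websites
http_access deny all
"""
LAN_ONLY = """\
acl localnet src 192.168.1.0/24
acl blocked_websites dstdomain .youtube.com .yahoo.com
http_access deny blocked_websites
http_access allow localnet
http_access deny all
"""

def parse(conf):
    """Collect src/dstdomain ACLs and http_access rules from squid.conf text."""
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []  # built-in "all", IPv4 only here
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] in ("src", "dstdomain"):
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access" and tok[1] in ("allow", "deny"):
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acl, client, host):
    """True if the client IP (src) or destination host (dstdomain) hits the ACL."""
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(client)
        return any(ip in ipaddress.ip_network(v) for v in values)
    # dstdomain: ".example.com" matches the domain itself and all subdomains
    return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
               for v in values)

def decide(conf, client, host):
    """Return "allow" or "deny" for a client IP requesting a destination host."""
    acls, rules = parse(conf)
    for action, names in rules:
        # Every ACL on a line must match (AND); "!" negates a single ACL.
        if all(matches(acls[n.lstrip("!")], client, host) != n.startswith("!")
               for n in names):
            return action  # first matching line wins
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"
```

With OPEN_PROXY, decide(OPEN_PROXY, "203.0.113.7", "www.youtube.com") returns "allow": the “http_access allow all” line matches first, so a client outside the LAN gets through and the blocked_websites rule below it is never reached. With LAN_ONLY the same request is denied, and LAN clients are allowed everywhere except the blocked domains.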
Configuring Client for the Squid Proxy Server
The best thing about Squid is that all the configuration is done on the server side. To configure the client, you just need to enter the Squid settings in the web browser’s network settings.
Let’s do a simple test of proxying with the Firefox web browser. Just go to Menu > Preferences > Network Settings > Settings.
A new window will open up. In the “Configure Proxy Access to the Internet” section, select “Manual proxy configuration”. In the text box labelled “HTTP Proxy”, put the Squid proxy server’s IP address. In the text box labelled “Port”, enter the port number you specified in “http_port” inside the squid.conf file.
In the browser’s address bar, go to any website address (for example, www.google.com). You should be able to browse that website. Now return to the Squid server and stop the service with the command:
Check the URL of the website again by refreshing the page. This time you should see the error below:
There are a lot of things we can do with Squid. It has vast documentation available at its official site, where you can learn how to configure Squid with third-party applications, configure proxy authentication, and much more. Meanwhile, try blocking a specific website or IP address, changing the default Squid port, and deploying caching to speed up data transfer.