Squid is an open-source, full-featured, high-performance web proxy cache. It can be configured to cache the content that passes through it, which reduces bandwidth usage and speeds up response times by reusing frequently requested web pages. Squid supports a wide variety of protocols such as HTTP, HTTPS, FTP, and more. It is widely used for its caching capabilities, which can significantly improve web response times, save bandwidth, and increase redundancy if multiple Squid proxies are used within a network.
In this tutorial, we’ll cover how to install and configure Squid as a caching proxy server on a Debian Linux system. We’ll also show how to block specific domains, websites, or keywords with Squid.
Prerequisites
- A server running Debian Linux.
- Sudo or root access to run privileged system commands.
Step 1: Installing Squid on Debian
You can install the Squid package directly from Debian’s repositories using the apt package manager. However, first, update your package list:
sudo apt update
Once the package list is updated, install Squid with:
sudo apt install squid
Step 2: Configuring Squid on Debian
The configuration file for Squid is located at /etc/squid/squid.conf. You can open this file with any text editor. In this example, we’ll use nano:
sudo nano /etc/squid/squid.conf
This configuration file can be quite large and complicated for new users, but for the basic functionality, you’ll only need to adjust a few parameters.
- Configuring Access Control:
Squid uses ACLs (Access Control Lists) to control who can access which resources and which operations they may perform. By default, no one can access the HTTP proxy except for localhost.
For example, to allow network 192.168.1.0/24 to access the proxy, find the line that begins with `http_access deny all`, comment it out, and then add the following lines:
acl localnet src 192.168.1.0/24
http_access allow localnet
Here, `localnet` is the name of the new ACL rule, `src` means source, and 192.168.1.0/24 is the network and netmask.
- Configuring the HTTP Proxy Port:
By default, Squid listens on port 3128. If you want to change this, locate the line beginning with `http_port` and change it as needed. For example:
http_port 8080
- Configuring Cache Parameters:
To adjust the cache parameters, locate the lines beginning with `cache_mem` and `maximum_object_size`. You can adjust these parameters as per your server’s capacity.
cache_mem 256 MB
maximum_object_size 512 MB
Here, `cache_mem` is the memory cache size, and `maximum_object_size` is the maximum size of an object to be stored in the cache.
Remember to save your changes (Ctrl + X followed by Y to save and exit in nano).
- Block Specific Domains:
First, create a new file where you will list the domains you want to block. You can create this anywhere, but in this example, we’ll create a file called blocked_domains in the /etc/squid/ directory:
sudo nano /etc/squid/blocked_domains
Add the domains you want to block, one per line. For example:
facebook.com
twitter.com
Then save and close the file.
Now, go back to the Squid configuration file:
sudo nano /etc/squid/squid.conf
At the bottom of the file (or anywhere you see fit), add the following lines:
acl blocked_domains dstdomain "/etc/squid/blocked_domains"
http_access deny blocked_domains
Save changes and close the file.
- Block Specific Keywords:
Similarly, create a new file where you will list the keywords you want to block. Let’s create a file called blocked_keywords in the /etc/squid/ directory:
sudo nano /etc/squid/blocked_keywords
Add the keywords you want to block, one per line. For example:
gambling
adult
Then save and close the file.
Open the Squid configuration file:
sudo nano /etc/squid/squid.conf
Add the following lines at the bottom (or anywhere you see fit):
acl blocked_keywords url_regex -i "/etc/squid/blocked_keywords"
http_access deny blocked_keywords
Save and close the file.
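Squid checks `http_access` lines from top to bottom and stops at the first one that matches, and when none matches it applies the opposite of the last line, so where the deny rules from the steps above sit relative to `http_access allow localnet` decides whether the blocklist has any effect. The sketch below is an added example, not part of the original tutorial or of Squid itself: a simplified model that understands only `src` and `dstdomain` ACLs, with hypothetical helper names (`parse`, `acl_matches`, `decide`) and constructed sample rules that leave out the other `http_access` lines of the stock squid.conf.

```python
import ipaddress

def parse(conf, files):
    """Return (acls, rules) from squid.conf text; files maps path -> contents."""
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            for v in tok[3:]:
                # A quoted value is a file holding one entry per line.
                vals = files[v.strip('"')].split() if v.startswith('"') else [v]
                acls.setdefault(tok[1], (tok[2], []))[1].extend(vals)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, src, host):
    kind, values = acl
    if kind == "src":
        return any(ipaddress.ip_address(src) in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":
        # ".example.com" covers subdomains; "example.com" matches that host only.
        return any(host == v.lstrip(".") or (v[0] == "." and host.endswith(v))
                   for v in values)
    raise ValueError(f"ACL type not modelled: {kind}")

def decide(conf, files, src, host):
    """First http_access rule whose ACLs all match decides the request."""
    acls, rules = parse(conf, files)
    for action, names in rules:
        if all(acl_matches(acls[n.lstrip("!")], src, host) != n.startswith("!")
               for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last rule (deny if none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

# Constructed inputs: the rules in the order the steps above produce them,
# then the same rules with the deny first and an explicit final "deny all".
BLOCKLIST = {"/etc/squid/blocked_domains": "facebook.com\ntwitter.com\n"}
ACLS = ('acl localnet src 192.168.1.0/24\n'
        'acl blocked_domains dstdomain "/etc/squid/blocked_domains"\n')
TUTORIAL_ORDER = ACLS + "http_access allow localnet\nhttp_access deny blocked_domains\n"
DENY_FIRST = ACLS + ("http_access deny blocked_domains\n"
                     "http_access allow localnet\nhttp_access deny all\n")

if __name__ == "__main__":
    for conf in (TUTORIAL_ORDER, DENY_FIRST):
        for src, host in (("192.168.1.50", "facebook.com"), ("203.0.113.9", "example.org")):
            print(src, host, "->", decide(conf, BLOCKLIST, src, host))
```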
Step 3: Restarting Squid
After making changes in the Squid configuration file, you must restart Squid for changes to take effect:
sudo systemctl restart squid
Step 4: Configuring Firewall (Optional)
If you are running a firewall, you may need to allow the Squid port through it. In case you’re using UFW, you can do this with the following command (assuming you set Squid to run on port 8080):
sudo ufw allow 8080/tcp
Step 5: Testing Squid Proxy
To verify that Squid is working as expected, you can use the curl command from a system that falls under the IP range you allowed in the Squid configuration (assuming Squid server’s IP is 192.168.1.100 and port is 8080):
curl -x http://192.168.1.100:8080 -I http://www.google.com
If Squid is working correctly, the output should show the HTTP response headers of the Google homepage, and one of the lines should be Via: 1.1 squid.
Conclusion
With this comprehensive guide, you’ve successfully installed, configured, and customized a Squid Proxy Server on Debian. We’ve covered how to set access controls, adjust cache parameters, modify the default listening port, and manage firewall rules to allow proxy traffic. Furthermore, you’ve also learned how to bolster network integrity and enforce access policies by blocking specific domains and keywords.
3 Comments
I think it is not a good idea to add the line “http_access allow all” alone as this will literally allow everyone in the world to use your proxy server (for legit or criminal things). I would at least add some authentication measure.
And I don't need to specify a proxy for any clients?!?
Thanks. It was really helpful.