How to Install and Configure Squid Proxy Server on Debian

Squid is an open-source, full-featured, and high-performance web proxy cache application that can be arranged to cache the content received through it, subsequently reducing bandwidth usage and accelerating response times by caching and reusing frequently-requested web pages. Squid supports a wide variety of protocols such as HTTP, HTTPS, FTP, and more. It is widely used for its caching capabilities, which can significantly improve web response times, save bandwidth, and increase redundancy if multiple squid proxies are used within a network.

In this tutorial, we’ll cover how to install and configure Squid as a caching proxy server on a Debian Linux system. Also provide you instructions to block specific domain/websites or keywords with Squid server.

Advertisement

Prerequisites

• A server running Debian Linux.
• Sudo or root access to run privileged system commands.

Step 1: Installing Squid on Debian

You can install the Squid package directly from Debian’s repositories using the apt package manager. However, first, update your package list:

sudo apt update 

Once the package list is updated, install Squid with:

sudo apt install squid 

Step 2: Configuring Squid on Debian

The configuration file for Squid is located at /etc/squid/squid.conf. You can open this file with any text editor. In this example, we’ll use nano:

sudo nano /etc/squid/squid.conf 

This configuration file can be quite large and complicated for new users, but for the basic functionality, you’ll only need to adjust a few parameters.

Configuring Access Control:

Squid uses the ACLs (Access Control Lists) to control who can access what resource and performs what operation. By default, no one can access the HTTP proxy except for localhost.

For example, to allow network 192.168.1.0/24 to access the proxy, find the line that begins with `http_access deny all`, comment it out, and then add the following lines:

acl localnet src 192.168.1.0/24 http_access allow localnet

1 2	acl localnet src 192.168.1.0/24 http_access allow localnet

Here, `localnet` is the name of the new ACL rule, src means source, and 192.168.1.0/24 is the network and netmask.

Configuring the HTTP Proxy Port:

By default, Squid listens on port 3128. If you want to change this, locate the line beginning with `http_port` and change it as needed. For example:

http_port 8080

1	http_port 8080

Configuring Cache Parameters:

To adjust the cache parameters, locate the lines beginning with `cache_mem` and `maximum_object_size`. You can adjust these parameters as per your server’s capacity.

cache_mem 256 MB maximum_object_size 512 MB

1 2	cache_mem 256 MB maximum_object_size 512 MB

Here, `cache_mem` is the memory cache size, and `maximum_object_size` is the maximum size of an object to be stored in the cache.

Remember to save your changes (Ctrl + X followed by Y to save and exit in nano).

Block Specific Domains:

First, create a new file where you will list the domains you want to block. You can create this anywhere, but in this example, we’ll create a file called blocked_domains in the /etc/squid/ directory:

sudo nano /etc/squid/blocked_domains  

Add the domains you want to block, one per line. For example:

facebook.com twitter.com

1 2	facebook.com twitter.com

Then save and close the file.

Now, go back to the Squid configuration file:

sudo nano /etc/squid/squid.conf 

At the bottom of the file (or anywhere you see fit), add the following lines:

acl blocked_domains dstdomain "/etc/squid/blocked_domains" http_access deny blocked_domains

1 2	acl blocked_domains dstdomain "/etc/squid/blocked_domains" http_access deny blocked_domains

Save changes and close the file.

Block Specific Keywords:

Similarly, create a new file where you will list the keywords you want to block. Let’s create a file called blocked_keywords in the /etc/squid/ directory:

sudo nano /etc/squid/blocked_keywords 

Add the keywords you want to block, one per line. For example:

gambling adult

1 2	gambling adult

Then save and close the file.

Open the Squid configuration file:

sudo nano /etc/squid/squid.conf 

Add the following lines at the bottom (or anywhere you see fit):

acl blocked_keywords url_regex -i "/etc/squid/blocked_keywords" http_access deny blocked_keywords

1 2	acl blocked_keywords url_regex -i "/etc/squid/blocked_keywords" http_access deny blocked_keywords

Save and close the file.

Step 3: Restarting Squid

After making changes in the Squid configuration file, you must restart Squid for changes to take effect:

sudo systemctl restart squid 

Step 4: Configuring Firewall (Optional)

If you are running a firewall, you may need to allow the Squid port through it. In case you’re using UFW, you can do this with the following command (assuming you set Squid to run on port 8080):

sudo ufw allow 8080/tcp 

Step 5 — Testing Squid Proxy

To verify that Squid is working as expected, you can use the curl command from a system that falls under the IP range you allowed in the Squid configuration (assuming Squid server’s IP is 192.168.1.100 and port is 8080):

curl -x http://192.168.1.100:8080 -I http://www.google.com 

If Squid is working correctly, the output should show the HTTP response headers of the Google homepage, and one of the lines should be Via: 1.1 squid.

Conclusion

With this comprehensive guide, you’ve successfully installed, configured, and customized a Squid Proxy Server on Debian. We’ve covered how to set access controls, adjust cache parameters, modify the default listening port, and manage firewall rules to allow proxy traffic. Furthermore, you’ve also learned how to bolster network integrity and enforce access policies by blocking specific domains and keywords.