Squid is an open-source, full-featured, high-performance web caching proxy. It can be configured to cache the content that passes through it, reducing bandwidth usage and speeding up response times by reusing frequently requested web pages. Squid supports a wide variety of protocols such as HTTP, HTTPS, FTP, and more. It is widely used for its caching capabilities, which can significantly improve web response times, save bandwidth, and increase redundancy if multiple Squid proxies are used within a network.

In this tutorial, we’ll cover how to install and configure Squid as a caching proxy server on a Debian Linux system. We’ll also show how to block specific domains/websites or keywords with the Squid server.

Prerequisites

  • A server running Debian Linux.
  • Sudo or root access to run privileged system commands.

Step 1: Installing Squid on Debian

You can install the Squid package directly from Debian’s repositories using the apt package manager. First, update your package list:

sudo apt update 

Once the package list is updated, install Squid with:

sudo apt install squid 

Step 2: Configuring Squid on Debian

The configuration file for Squid is located at /etc/squid/squid.conf. You can open this file with any text editor. In this example, we’ll use nano:

sudo nano /etc/squid/squid.conf 

This configuration file can be quite large and complicated for new users, but for the basic functionality, you’ll only need to adjust a few parameters.

  1. Configuring Access Control:

    Squid uses ACLs (Access Control Lists) to control who can access which resources and which operations they can perform. By default, no one can access the HTTP proxy except for localhost.

    For example, to allow network 192.168.1.0/24 to access the proxy, find the line that begins with `http_access deny all`, comment it out, and then add the following lines:

    Here, `localnet` is the name of the new ACL rule, src means source, and 192.168.1.0/24 is the network and netmask.

  2. Configuring the HTTP Proxy Port:

    By default, Squid listens on port 3128. If you want to change this, locate the line beginning with `http_port` and change it as needed. For example:

  3. Configuring Cache Parameters:

    To adjust the cache parameters, locate the lines beginning with `cache_mem` and `maximum_object_size`. You can adjust these parameters as per your server’s capacity.

    Here, `cache_mem` is the memory cache size, and `maximum_object_size` is the maximum size of an object to be stored in the cache.

    Remember to save your changes (Ctrl + X followed by Y to save and exit in nano).

  4. Block Specific Domains:

    First, create a new file where you will list the domains you want to block. You can create this anywhere, but in this example, we’ll create a file called blocked_domains in the /etc/squid/ directory:

    sudo nano /etc/squid/blocked_domains  
    

    Add the domains you want to block, one per line. For example:

    Then save and close the file.

    Now, go back to the Squid configuration file:

    sudo nano /etc/squid/squid.conf 
    

    At the bottom of the file (or anywhere you see fit), add the following lines:

    Save changes and close the file.

  5. Block Specific Keywords:

    Similarly, create a new file where you will list the keywords you want to block. Let’s create a file called blocked_keywords in the /etc/squid/ directory:

    sudo nano /etc/squid/blocked_keywords 
    

    Add the keywords you want to block, one per line. For example:

    Then save and close the file.

    Open the Squid configuration file:

    sudo nano /etc/squid/squid.conf 
    

    Add the following lines at the bottom (or anywhere you see fit):

    Save and close the file.
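
The settings from items 1 to 5 above, combined into one squid.conf fragment. This is an added example, not the tutorial's original listing; the ACL names `blocked_domains` and `blocked_keywords`, the cache sizes and the sample file entries are assumptions. Squid evaluates `http_access` rules top to bottom and stops at the first match, so the deny rules come before the allow, and the catch-all stays `http_access deny all` so the proxy is not open to clients outside the allowed network.

```conf
# Added example: ACL names, sizes and sample entries are assumptions.

# Item 2: listen on 8080 instead of the default 3128
http_port 8080

# Item 3: cache sizing (assumed values; size them to the server's capacity)
cache_mem 256 MB
maximum_object_size 64 MB

# Item 1: the client network allowed to use the proxy
acl localnet src 192.168.1.0/24

# Item 4: /etc/squid/blocked_domains holds one domain per line,
# e.g. ".example.com" (constructed entry; the leading dot also
# matches subdomains)
acl blocked_domains dstdomain "/etc/squid/blocked_domains"

# Item 5: /etc/squid/blocked_keywords holds one regex per line,
# e.g. "casino" (constructed entry); -i makes matching case-insensitive.
# For HTTPS requests Squid only sees "CONNECT host:port" unless SSL Bump
# is configured, so keywords match the hostname, not the URL path.
acl blocked_keywords url_regex -i "/etc/squid/blocked_keywords"

# First match wins: denies first, then the allow, then the catch-all.
http_access deny blocked_domains
http_access deny blocked_keywords
http_access allow localnet
http_access deny all
```

Running `sudo squid -k parse` checks the file for syntax errors before the restart in Step 3.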

Step 3: Restarting Squid

After making changes in the Squid configuration file, you must restart Squid for changes to take effect:

sudo systemctl restart squid 

Step 4: Configuring Firewall (Optional)

If you are running a firewall, you may need to allow the Squid port through it. In case you’re using UFW, you can do this with the following command (assuming you set Squid to run on port 8080):

sudo ufw allow 8080/tcp 

Step 5: Testing Squid Proxy

To verify that Squid is working as expected, you can use the curl command from a system that falls under the IP range you allowed in the Squid configuration (assuming Squid server’s IP is 192.168.1.100 and port is 8080):

curl -x http://192.168.1.100:8080 -I http://www.google.com 

If Squid is working correctly, the output should show the HTTP response headers of the Google homepage, and one of the lines should be Via: 1.1 squid.

Conclusion

With this comprehensive guide, you’ve successfully installed, configured, and customized a Squid Proxy Server on Debian. We’ve covered how to set access controls, adjust cache parameters, modify the default listening port, and manage firewall rules to allow proxy traffic. Furthermore, you’ve also learned how to bolster network integrity and enforce access policies by blocking specific domains and keywords.

Remember, Squid Proxy Server has an extensive range of features and settings that can be tweaked according to your specific needs and requirements. What we’ve explored is just a snapshot of its capabilities. As you continue to use Squid, you may find it beneficial to delve into more advanced features, such as setting up SSL Bump, configuring a hierarchy of proxies, and tuning performance parameters.

Finally, always ensure you thoroughly test any changes made to your Squid configuration. It’s vital to prevent any accidental disruptions to network services or unintended blocking of necessary resources. Regularly reviewing your Squid log files can also provide invaluable insights into network usage patterns and potential issues.

Happy networking with your new Squid Proxy Server!


3 Comments

  1. I think it is not a good idea to add the line “http_access allow all” alone as this will literally allow everyone in the world to use your proxy server (for legit or criminal things). I would at least add some authentication measure.
