Squid is one of the most used proxy servers for controlling internet access from the local network and securing the network from illegitimate traffic and attacks. They are placed between the client and the internet. All the requests from the client are routed through an intermediate proxy server. Squid works for a number of services like HyperText Transport Protocol (HTTP), File Transfer Protocol (FTP), and other network protocols.

Besides serving as a proxy server, Squid is mostly used for caching frequently visited web pages from a web server. So when a user requests a page from a web server, the requests first go through the proxy server to check if the requested content is available. This reduces the server load and bandwidth usage and speeds up the content delivery, thus improving the user’s experience.

Squid can also be used to become anonymous while surfing the internet. Through Squid proxying, we can access the restricted content of a particular country.

This guide will see how to install and configure Squid Proxy server on Debian 10(Buster).

Prerequisites:

1. “sudo” access to the system upon which Squid will be installed.
2. Basic knowledge of Debian based Linux terminal commands.
3. Basic knowledge of using a Proxy server.

Steps For Installing squid on Debian 10(Buster)

1) First update the repository and packages on Debian 10(Buster)

2) Now install Squid package with the following command:

The installation process is pretty straight forward. It will automatically install any required dependency.

3) Now go to the main configuration file of the Squid Proxy Server located in /etc/squid/squid.conf.

Note: In order to stay safe, take the backup of this file.

4) To allow HTTP proxy server access for anyone, go to the line containing the string “http_access deny all” and change it to “http_access allow all” . If you are using vi or vim editor, you can directly go to this particular string using forward-slash(/) search.

Now just remove the “#” symbol at the start of this string to uncomment the line.

We will only allow localhost and our local network (LAN) devices to use Squid for more precise control. For this, we will change the squid.conf file as below:

 “http_access deny localnet” to “http_access allow localnet” 

 “http_access deny localhost” to “http_access allow localhost”.

Now restart Squid service to apply changes.

5) Now go to the line specifying the “http_port” option. It contains the port number for Squid proxy servers. The default port number is 3218. If for some reason, like port number conflict, you can change the port number to some other value as shown below:

6) You can also change the hostname of the Squid proxy server with the visible_hostname option. Also restart the Squid service each time the configuration file is modified. Use  the following command:

7) Configuring Squid ACL

a) Define a rule to only allow a particular IP address to connect.

Go to the line containing the string #acl localnet src and uncomment it. If the line is not there, just add a new one. Now add any IP you want to allow access from the Squid server. This is shown below:

Save the file and restart the squid server.

b)  Define a rule to open a port for connection.

To open a port, uncomment the line “#acl Safe_ports port” and add a port number you want to allow:

Save the file and restart the squid server.

c) Use Squid Proxy to block access to specific websites.

To block access to certain websites using Squid, create a new file called blocked.acl in the same location as squid.conf.

Now specify websites you want to block by stating their address starting with a dot:

.youtube.com

.yahoo.com

Now again open the squid configuration file and look for the line “acl blocked_websites dstdomain”. Add the location of the file “blocked.acl” here as shown below:

Also add a line below this as:

Save the file and restart the squid server.

Similarly, we can create a new file to store the IP addresses of allowed clients that will use the Squid proxy.

Now specify IP addresses you want to allow and save the file. Now create a new acl line in the main config file and allow access to the acl using the http_access directive. These steps are shown below:

Save the file and restart the squid server.

Note: We can also add the IP addresses of allowed and denied clients in the main configuration file, as shown below:

d) Changing squid port

The default port of Squid is 3128, which can be changed from squid.conf to any other value as shown below:

Save the file and restart the squid server.

Configuring Client for the Squid Proxy Server

The best thing with Squid is that all the configuration is to do on the server-side itself. To configure the client, you just need to input the squid setting in the web browser’s network setting.

Let’s do a simple test of proxying with Firefox web browser. Just go to Menu > preferences > Network Settings > Settings.

A new window will open up. In “Configure Proxy Access to the Internet” section select “Manual proxy configuration”. The text box labelled as “HTTP Proxy” but the Squid proxy server’s IP address. The in-text box labelled as Port, enter the port number you specified in “http_port” inside the squid.conf file.

In the search tab of the browser,  go to any website address(www.google.com). You should be able to browse that website. Now return to Squid browser and stop the service by the command:

Again check the url of the website by refreshing the page. This time you would see the below error:

There is a lot of things we can do with Squid. It has vast documentation available at its official site. Here you can learn how to configure Squid with third-party applications, Configure Proxy Authentication and much more. Meanwhile, try blocking a specific website, IPs, change Squid default port, deploy Caching to Speed Up Data Transfer.

Squid proxy is a web proxy application that can be installed and set up on Linux and other Unix-like operating systems. It is used to increase web browsing speed by caching the website’s data, controlling web traffic, security, and DNS lookups. The squid proxy server acts as an intermediate between the client (web browsers, etc.) and the internet. It is compatible with web protocols HTTP and HTTPS, as well as other protocols like FTP, WAIS, etc.

How to Install Squid Proxy?

To install squid proxy on Linux, first, update the system packages by executing the following command:

Once you have updated your system, you can install squid proxy by typing this command:

Squid proxy will be installed. To start and see the status of Squid proxy, execute these commands:

Configuration for Your Web Browser

Before you make any changes to the squid configuration file, you have to change some settings in your web browser. So, open your web browser and open “network settings”, then proceed to “proxy settings”. Click on the “manual proxy” configuration, then write the IP_Address of your squid proxy server in the HTTP proxy bar and port no (by default, squid proxy port is 3128). Now, the squid proxy will go through your IP_Address. You can check it by typing any URL in your web browser; it will give you an error saying access denied, and to allow the access, we have to make changes in the squid configuration file.

Squid Proxy Configuration

You can access the squid configuration file in the directory “etc/squid/squid.conf”.

Make a copy of the “squid.conf” file as a backup file if we want to make changes to the “squid.conf” file.

Now that a copy has been made as a backup file, we can make changes in the “squid.conf” file.

To open “squid.conf” file in vim, type this command:

Go to the line http_access deny all.

Change it to:

http_access allow all

Now, check your web browser again, type any URL, and it should be working.

ACL (Access Control List)

There is another case used in squid proxy that allows you to also control the access to different websites (web traffic) by either allowing or blocking them. To do so, go to the line “acl CONNECT method CONNECT”.

And below this line, write the ACL (access control list) to block the websites you want.

acl block_websites dstdomain .facebook.com .youtube.com .etc.com

Then deny the statement.

http_access deny block_websites

Save the changes, and to check whether your blocked websites are blocked or not, restart your squid service and verify the URL in your web browser.

You can also block a user from downloading specific files like audio and video files using ACL.

acl  media_files  urlpath_regex -i  \.(mp3|mp4|FLV|AVI|MKV)

It will prevent the user from downloading audio or video files with extensions like mp3, mp4, FLV, etc. Add any file extension you want to prevent from downloading. Now, below this line, write the deny statement.

http_access deny media_files

The media files will then be blocked from downloading.

Caching Web Pages

Proxy servers are also used for boosting the network performance by loading the web page faster by caching the website’s data. You can also change the directory location where cached data should be stored. Moreover, you can also change the cache file size and no. of directories in which data would be saved.

To make changes, open “squid.conf” file and go to the following line:

#chache_dir ufs /opt/squid/var/cache/squid 100 16 256

This line will be commented by default, so uncomment this line by removing the # sign.

In the above line, there is a phrase “100 16 256”. The 100 shows the size of the cache file, and you may change it to any size like 300. 16 shows the number of directories in which the cache file is saved. 256 shows the no. of subdirectories.

chache_dir ufs /opt/squid/var/cache/squid 300 20 260

You can also change the size of the cache file by adding the following line in the “squid.conf” file:

cache_mem 300 MB

If you want to change the path of the cache file directory, type the following command:

To change the ownership of the cache directory to squid proxy, you have to execute this command:

Now, stop the squid service using this command:

And then run the command with this command:

It will make the missing cache directories in the new cache directory.

Now, start the squid service again using the command below:

Conclusion

We have discussed how to install and configure Squid proxy. It is very simple and easy to use and has vast applications. Squid proxy is a very good tool that can be used in organizations or by small internet service providers to control web traffic and internet access. It boosts web browsing speed and provides security mechanisms for web traffic.