Sam - March 7, 2017

How to create your own HTTP Proxies using Squid Proxy on Ubuntu 16.04

Introduction

Squid is an open Open Source full-featured web proxy cache server application which provides proxy and cache services for Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and perform transparent caching. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. It has extensive access controls and makes a great server accelerator. A Squid proxy server is generally installed on a separate server than the Web server with the original files that works by tracking object use over the network. Squid will initially act as an intermediary, simply passing the client’s request on to the server and saving a copy of the requested object. If the same client or multiple clients request the same object before it expires from Squid’s cache, Squid can then immediately serve it, accelerating the download and saving bandwidth.

Squid is used by hundreds of Internet Providers in the World to provide their users with the best possible web access. It runs on most available operating systems, including Windows and is licensed under the GNU GPL. Let’s see how you can setup your Squid Proxy Server to create your own proxies on Ubuntu 16.04 by following the instructions in this article.

Step 1: Preparing your Ubuntu Server

In order to setup your own Squid proxy server on Ubuntu 16.04. You need to login on your system with sudo or root user credentials. To do so connect to your Ubuntu serer using Putty or with ssh.

ssh root@your_server_ip

The next you need to set up an alternative user account with a reduced scope of influence for day-to-day work.

# adduser kash

You will be asked few questions, starting with the account password and fill in any of the additional information if you would like as its optional.

Find the perfect Proxy Product.

Proxyrack offers a multiple options to suit most use cases, if you are unsure our 3 Day Trial allows you to test them all.
Security

Residential proxies

Never get blocked, choose your location
View all option available
Vault

Datacenter proxies

Super fast and reliable
View all option available
Try

3 Day Trial

Test all products to find the best fit
View all option available

Next allow this user to root user privileges adding it to sudoers group.

# usermod -aG sudo kash

Now you can run commands with superuser privileges with sudo commands.

Once you have created your general user with sudo privileges, then update your system software for missing security patches and latest version updates available by using below command.

# sudo apt-get update && sudo apt-get -y upgrade

Once the your system is back with all updates and security patches, then move to the next step.

Step 2 : How to install Squid on Ubuntu 16

The installation of Squid proxy server on an Ubuntu server is pretty straightforward as its available in the Ubuntu repositories. Run the command below to install squid on your system as shown.

# sudo apt-get install squid

Type ‘Y’ for yes and hit ‘Enter’ key to continue installing the squid package along with its required dependencies.

Step 3: How to Configure Squid Proxy Server

The default configuration file for squid is located under ‘/etc/squid/squid.conf‘ which contains some configuration directives that needs to be configured to affect the behavior of the Squid. To edit the configuration file, first take the backup of the original file so that we can revert any changes that goes wrong.

# cp /etc/squid/squid.conf /etc/squid/squid.conf.org

Squid listens on port 3128 by default and if you would like to change the default listening port you can do by to editing the ‘http_port’ directive in the configuration file.

# vim /etc/squid/squid.conf
http_port 3128

Next to allow access to the HTTP proxy server from all IP addresses, you need to edit the ‘http_access’ directive as by default, the HTTP proxy server will not allow access to anybody.

http_access allow all

Save and close the configuration file and make sure to restart squid server service to impact the changes.

Step 4: Using Squid as an HTTP Proxy

To use Squid as an HTTP proxy, let’s configure it to use only the client IP address for authentication and restrict all other access.

Open the configuration file using any of your favourite editor to add a new ACL in it.

# vim /etc/squid/squid.conf
acl k_vm src 111.11.11.11  # Your Servers IP 
 http_access allow k_vm

Here k_vm is a name identifying the connection to our VM and ‘111.11.11.11’ is our local IP address, so you can replace this with your own IP and Hostname.

Save and close the using using ‘:wq!’ and restart squid service by issuing below command.

# systemctl restart squid

Next, we are going test our proxy server functionality if its working fine or not. To do so open your favourite web browser, like if you are using firefox then go the Options > Advanced > Network > Connection Settings and select Manual Proxy Configurations provided by the IP address of your squid server and its port as shown.

That’s it, now click on ‘OK’ key to continue working under the limits of your squid proxy server and like the same way you can do the same settings for any other web browser.

Now you may check the logs files if you faced any errors or if you want to know which websites are being visited by people using Squid proxy settings using squid logs files located in ‘/var/log/squid/’ directory.

# more /var/log/squid/access.log
# more /var/log/squid/cache.log

You can also change the default location of your logs files by making changes in the Squid configuration file.

Step 5: Setup Basic User and Password Authentication in Squid

Now let’s see how we can configure Squid Proxy server that allows authenticated access to the Squid service using usernames and passwords. We are going to use “ncsa_auth” that allows Squid to read and authenticate user and password information from an NCSA httpd-style password file when using basic HTTP authentication.

Open the squid configuration file to add following line

# vim /etc/squid/squid.conf
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

Save and close the configuration file and then run below command to create a new empty file for storing squid credentials.

#touch /etc/squid/passwd

Next we will be using below command to generate password for a user like ‘kash’ that will going to access the squid proxy server. You will be required to type the password for this as shown.

# htpasswd -c /etc/squid/passwd kash

The ‘-c’ argument in this command will force the “htpasswd” to use CRYPT encryption of the password. After this restart your squid service so that the configuration can be updated.

# systemctl restart squid

When you open your web browser followed the FQDN or IP address of your squid proxy server, a popup will be opened for authentication. You need to provide the user and name and its password that we have created earlier.

Step 6: IP Whitelisting from Authentication

In this section we are going to configure Squid IP whitelist, to limit connections to Squid proxy server only from particular IPs and to to allow specific ip address to be exempted from all the restriction.

For this purpose we have to configure ACLs matching our desired IPs and use them together with http_access directive. Open the Squid configuration file to add following line to allow an IP address to connect to the Squid proxy.

# vim /etc/squid/squid.conf
# Allowed clients
 acl white_list src xx.xx.xx.xx
 http_access allow white_list
 http_access deny all

You can add multiple IPs to whitelist and make sure that the last entry, always below ALLOW entries. For multiple IPs whitelisting you will create list of ip address in a file then point this file in acl by giving path.

# vim /etc/squid/allowed_ips.txt
xx.xx.xx.1
xx.xx.xx.2
xx.xx.xx.3
xx.xx.xx.4

Save and close the file and then put the following two lines in ‘squid.conf’ file but make sure to add this ACL above to any restricted Access List.

acl allowed_ips src “/etc/squid/allowed_ips.txt”
http_access allow allowed_ips

That’s it, save and close the configuration file and restart your squid service to make your whitelisted IPs working.

# systemctl restart squid

Conclusion

In this article you have learnt about the basic server setup for Ubuntu, and the installation and configuration of Squid Proxy server on Ubuntu 16.04. At the end this article you will be able to use Squid for caching. This means the contents of site A are saved locally at your Squid. When a second user requests site A Squid will deliver the content. So the user has it some what faster. You can control the traffic for malicious content and if found, remove it. You can restrict the access to certain websites. Of course there are some „bad“ things Squid allows you to do (Control your users, record which sites they visit etc.).

Find the perfect Proxy Product.

Proxyrack offers a multiple options to suit most use cases, if you are unsure our 3 Day Trial allows you to test them all.
Security

Residential proxies

Never get blocked, choose your location
View all option available
Vault

Datacenter proxies

Super fast and reliable
View all option available
Try

3 Day Trial

Test all products to find the best fit
View all option available

Get Started by signing up for a Proxy Product