How to Block Websites Using Squid Proxy Server

What Is Squid Proxy Server?

Squid is a Unix-based web proxy application used to filter and cache web traffic and to block websites. It is very useful for system administrators who need to keep track of network usage and restrict or allow access to certain areas of the internet.

Squid Proxy Server is considered the best solution for caching the most frequently accessed content, and it also gives you full control over the restrictions applied to network traffic. Using Squid, you can easily block or allow websites by domain name, keyword or extension, restrict users, specify a user’s network quota, and so on.

During the early 1990s, Squid Proxy Server was used by Internet Service Providers (ISPs) to get faster download speeds and eliminate inactivity, especially while downloading substantial media and streaming video. Today, web operators frequently use Squid as a content accelerator, caching viewed content and making downloads from web servers effortless.

Squid Proxy

Multiple content delivery networks and media companies use Squid Proxy Server throughout their networks. This way, they can focus on improving the experience of viewers requesting programming, balance the load, and handle traffic spikes for popular content.

In simple terms, a Squid proxy is a web application that sits between a desktop computer and the internet and allows a client machine to make an indirect connection to network servers and services. There are several reasons why you should implement a proxy server on your network:

  • To implement internet access control
  • To hide the client’s IP address for anonymous surfing
  • To scan outbound content
  • To speed up internet surfing
  • To share the internet connection and restrict internet usage

In this post, we will explain how to block websites using Squid Proxy Server.

Install Squid Proxy Server

By default, the Squid package is included in the Ubuntu 20.04 default repository. You can install it with the following command:

				
					apt-get install squid -y
				
			

Once the Squid package is installed, start the Squid service and enable it to start at system reboot:

				
					systemctl start squid
					systemctl enable squid
				
			

To verify the status of the Squid service, run the following command:

				
					systemctl status squid
				
			

You should see the following output:

				
					● squid.service - Squid Web Proxy Server
					     Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled)
					     Active: active (running) since Thu 2021-10-07 07:59:05 UTC; 30s ago
					       Docs: man:squid(8)
					   Main PID: 1275 (squid)
					      Tasks: 4 (limit: 2353)
					     Memory: 16.0M
					     CGroup: /system.slice/squid.service
					             ├─1275 /usr/sbin/squid -sYC
					             ├─1277 (squid-1) --kid squid-1 -sYC
					             ├─1280 (logfile-daemon) /var/log/squid/access.log
					             └─1298 (pinger)

					Oct 07 07:59:06 ubuntu2004 squid[1277]: Using Least Load store dir selection
					Oct 07 07:59:06 ubuntu2004 squid[1277]: Set Current Directory to /var/spool/squid
					Oct 07 07:59:06 ubuntu2004 squid[1277]: Finished loading MIME types and icons.
					Oct 07 07:59:06 ubuntu2004 systemd[1]: /lib/systemd/system/squid.service:15: PIDFile= references a path below legacy directory /var/run/, upda>
					Oct 07 07:59:06 ubuntu2004 squid[1277]: HTCP Disabled.
					Oct 07 07:59:06 ubuntu2004 squid[1277]: Pinger socket opened on FD 14
					Oct 07 07:59:06 ubuntu2004 squid[1277]: Squid plugin modules loaded: 0
					Oct 07 07:59:06 ubuntu2004 squid[1277]: Adaptation support is off.
					Oct 07 07:59:06 ubuntu2004 squid[1277]: Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 12 flags=9
					Oct 07 07:59:07 ubuntu2004 squid[1277]: storeLateRelease: released 0 objects

				
			

To check the Squid version, run the following command:

				
					squid -v
				
			

You should get the following output:

				
					Squid Cache: Version 4.10
					Service Name: squid
					Ubuntu linux
				
			

By default, the Squid proxy listens on port 3128. You can verify it using the following command:

				
					ss -antpl | grep squid
				
			

Sample output:

				
					LISTEN    0         256                      *:3128                   *:*        users:(("squid",pid=1277,fd=12))                                               
				
			

Configure User Based Authentication

Next, you will need to configure authentication in Squid to accept connections and serve as an HTTP proxy. To do so, first install the apache2-utils package with the following command:

				
					apt-get install apache2-utils -y
				
			

Next, create a file to store the Squid users and passwords:

				
					touch /etc/squid/htpasswd
				
			

Next, create a new squid user with the name web1 using the following command:

				
					htpasswd /etc/squid/htpasswd web1
				
			

Set your user’s password:

				
					New password: 
					Re-type new password: 
					Adding password for user web1
				
			

Next, create a new squid user with the name web2 using the following command:

				
					htpasswd /etc/squid/htpasswd web2
				
			

Set your user’s password:

				
					New password: 
					Re-type new password: 
					Adding password for user web2
				
			

Next, verify both users’ entries using the following command:

				
					cat /etc/squid/htpasswd
				
			

You should see the hashed passwords in the following output:

				
					web1:$apr1$au9rdWGT$lu/AZ1VFZvePKZ3JphK7e1
					web2:$apr1$XkHJH9p1$/OnOS1JbebBo8Wq0M5QV4/

				
			

Next, edit the Squid main configuration file to define the user authentication.

				
					nano /etc/squid/squid.conf
				
			

Add the following lines at the beginning of the file:

				
					auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/htpasswd
					acl ncsa_users proxy_auth REQUIRED
					http_access allow ncsa_users

				
			

Save and close the file then restart the Squid service to apply the changes:

				
					systemctl restart squid
				
			

Configure Squid to Anonymize Traffic

Next, you will need to edit the Squid configuration file and add some rules to mask client IP addresses from the servers that receive traffic from your Squid HTTP proxy.

 

You can do it by editing the Squid default configuration file:

				
					nano /etc/squid/squid.conf
				
			

Add the following lines at the beginning of the file:

				
					forwarded_for off
					request_header_access Allow allow all
					request_header_access Authorization allow all
					request_header_access WWW-Authenticate allow all
					request_header_access Proxy-Authorization allow all
					request_header_access Proxy-Authenticate allow all
					request_header_access Cache-Control allow all
					request_header_access Content-Encoding allow all
					request_header_access Content-Length allow all
					request_header_access Content-Type allow all
					request_header_access Date allow all
					request_header_access Expires allow all
					request_header_access Host allow all
					request_header_access If-Modified-Since allow all
					request_header_access Last-Modified allow all
					request_header_access Location allow all
					request_header_access Pragma allow all
					request_header_access Accept allow all
					request_header_access Accept-Charset allow all
					request_header_access Accept-Encoding allow all
					request_header_access Accept-Language allow all
					request_header_access Content-Language allow all
					request_header_access Mime-Version allow all
					request_header_access Retry-After allow all
					request_header_access Title allow all
					request_header_access Connection allow all
					request_header_access Proxy-Connection allow all
					request_header_access User-Agent allow all
					request_header_access Cookie allow all
					request_header_access All deny all

				
			

Save and close the file. Then, restart the Squid proxy service to apply the changes:

				
					systemctl restart squid
				
			

Block Websites Using Squid Proxy

Squid proxy allows you to block websites based on the domain name, URL, keyword and extensions. You will need to add some rules to achieve this.

Block Domains

If you want to block specific domains for users, edit the Squid configuration file:

				
					nano /etc/squid/squid.conf
				
			

Add the following rules at the beginning of the file:

				
					acl block dstdomain "/etc/squid/website_block.txt"
					http_access deny block

				
			

Save and close the file then create a website_block.txt file with the following command:

				
					nano /etc/squid/website_block.txt
				
			

Add all domains that you want to block:

				
					.facebook.com
					.twitter.com
					.linkedin.com
					www.pornhub.com
					.instagram.com
					www.badwebsites.com

				
			

Save and close the file then restart the Squid service to apply the changes:

				
					systemctl restart squid
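
Squid applies the first http_access line that matches, so the block rule only takes effect while it sits above the http_access allow ncsa_users line from the authentication step. The script below is an added example, not part of the original guide: the function names and both configuration fragments are constructed for illustration, and it lists deny rules that ended up below the allow rule.

```shell
#!/bin/sh
# Added example: list http_access deny rules that come after the allow rule
# for authenticated users. Squid stops at the first matching http_access
# line, so those deny rules are never applied to logged-in users.

# shadowed_denies CONF ALLOW_ACL
#   Prints each deny line found below "http_access allow ALLOW_ACL"
#   (the closing "deny all" is expected there and is ignored).
#   Exit status is 1 when at least one such line exists.
shadowed_denies() {
    awk -v acl="$2" '
        $1 != "http_access"                 { next }   # comments, other directives
        !seen && $2 == "allow" && $3 == acl { seen = 1; next }
        seen && $2 == "deny" && $3 != "all" { printf "line %d: %s\n", NR, $0; bad = 1 }
        END                                 { exit bad }
    ' "$1"
}

# Constructed fragment: allow rule first, block rule added further down.
write_allow_first() {
    cat > "$1" <<'EOF'
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
acl block dstdomain "/etc/squid/website_block.txt"
http_access deny !Safe_ports
http_access deny block
http_access deny all
EOF
}

# Constructed fragment: every deny rule sits above the allow rule.
write_deny_first() {
    cat > "$1" <<'EOF'
acl ncsa_users proxy_auth REQUIRED
acl block dstdomain "/etc/squid/website_block.txt"
http_access deny !Safe_ports
http_access deny block
http_access allow ncsa_users
http_access deny all
EOF
}

conf=$(mktemp)
write_allow_first "$conf"
shadowed_denies "$conf" ncsa_users || echo "move these rules above the allow line"
write_deny_first "$conf"
shadowed_denies "$conf" ncsa_users && echo "deny rules are evaluated first"
rm -f "$conf"
```

To check a live server, call shadowed_denies /etc/squid/squid.conf ncsa_users; the stock deny rules for Safe_ports and CONNECT are reported too if the allow line was placed above them.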
				
			

Block URLs Using Keywords

Squid also allows you to block website URLs based on keywords. You can do it by editing the Squid configuration file:

				
					nano /etc/squid/squid.conf
				
			

Add the following rules:

				
					acl blockkeyword url_regex -i "/etc/squid/blockedurls.txt"
					http_access deny blockkeyword
				
			

Save and close the file then create a blockedurls.txt file with the following command:

				
					nano /etc/squid/blockedurls.txt
				
			

Add all keywords that you want to block:

				
					sex
					port
					download

				
			

Save and close the file then restart the Squid service to apply the changes:

				
					systemctl restart squid
				
			

Block File Extensions

You can also restrict users from downloading files with specific extensions. To do so, edit the Squid configuration file:

				
					nano /etc/squid/squid.conf
				
			

Add the following rules:

				
					acl blockexentions urlpath_regex -i "/etc/squid/externsions.txt"
					http_access deny blockexentions
				
			

Save and close the file. Then, create an externsions.txt file:

				
					nano /etc/squid/externsions.txt
				
			

Add all the extensions that you want to block:

				
					.mp4
					.mp3
					.zip
					.pdf
				
			

Save and close the file then restart the Squid service to apply the changes:

				
					systemctl restart squid
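
The entries in blockedurls.txt and externsions.txt are regular expressions matched anywhere in the URL (url_regex) or URL path (urlpath_regex), not literal keywords or file suffixes, so short entries also deny unrelated pages. The script below is an added example, not part of the original guide: it approximates that matching with grep -E -i, and the sample URLs, function names and the anchored pattern file are constructed for illustration.

```shell
#!/bin/sh
# Added example: preview what a Squid regex ACL file denies. Matching is
# approximated with grep -E -i: unanchored and case-insensitive.

# regex_acl_hits PATTERN_FILE   (candidate strings, one per line, on stdin)
regex_acl_hits() {
    grep -E -i -f "$1" || true    # "no match" is a valid result, not an error
}

# url_path URL: drop scheme and host, leaving the part urlpath_regex tests
url_path() {
    printf '%s\n' "$1" | sed -E 's#^[A-Za-z][A-Za-z0-9+.-]*://[^/]*##'
}

# Constructed sample URLs (reserved example domains only)
sample_urls() {
    cat <<'EOF'
http://www.essex.example/courses
http://support.example.com/tickets
http://example.org/files/report.pdf
http://example.org/docs/xpdf/index.html
http://example.org/shop/zipper.html
EOF
}

# path_hits PATTERN_FILE: test the path of every sample URL
path_hits() {
    sample_urls | while read -r url; do url_path "$url"; done | regex_acl_hits "$1"
}

dir=$(mktemp -d)
printf '%s\n' sex port download > "$dir/blockedurls.txt"   # entries from the guide
printf '%s\n' .mp4 .mp3 .zip .pdf > "$dir/externsions.txt" # entries from the guide
# Constructed alternative: literal dot, anchored to the end of the path
printf '%s\n' '\.(mp4|mp3|zip|pdf)(\?.*)?$' > "$dir/anchored.txt"

echo "url_regex, keywords as listed:"
sample_urls | regex_acl_hits "$dir/blockedurls.txt"
echo "urlpath_regex, extensions as listed:"
path_hits "$dir/externsions.txt"
echo "urlpath_regex, anchored patterns:"
path_hits "$dir/anchored.txt"
rm -rf "$dir"
```

With the lists as given, the keyword file denies three of the five sample URLs (essex, support, report) and the extension file also denies the xpdf and zipper pages; the anchored pattern denies only report.pdf.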
				
			

Configuring Clients to Connect through Squid Proxy Server

At this point, your Squid proxy server is configured. Now, you will need to configure your client computer’s browser settings to use your Squid server as an HTTP proxy.

On the client computer, open Mozilla Firefox and click on Edit => Preferences as shown below:

connect through squid proxy server

Scroll down to the Network Settings section and click on the Network Settings => Settings. You should see the following page:

configure squid proxy settings

Select the Manual proxy configuration radio button, enter your Squid server IP address in the HTTP Host field and 3128 in the Port field, select the Use this proxy server for all protocols check box and click on the OK button to save the settings.

Now, your browser is configured to browse the Internet through the Squid proxy. To verify it, type the URL https://www.whatismyip.com/. You will be asked to provide a username and password as shown below:

block websites with a squid proxy cache

Provide the Squid proxy server username and password that you created earlier and click on the OK button. You should see the following page:

squid proxy server setup

On the above page, you should see your Squid server’s IP address instead of the IP address of your client computer.

To verify the website block, open your web browser and type the URL https://facebook.com. You should see that facebook.com is blocked by the Squid proxy server.

block facebook with squid proxy

Conclusion

In the above guide, we explained how to install the Squid proxy server on Ubuntu 20.04. We also explained how to set up user-based authentication and block websites in Squid proxy. You can now implement this setup in your organization to restrict internet browsing based on users’ requirements.

Hitesh Jethva

I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.
