How to Block Websites Using Squid Proxy Server
What Is Squid Proxy Server?
Squid is a Unix based web proxy application used to filter and cache web traffic and also block websites using a squid proxy. It is very useful for system administrators to keep track of network usage and restrict/allow access to certain areas of the internet.
Squid Proxy Server is considered the best solution for caching the most frequently accessed content and also gives you full control on applying restrictions on the network traffic. You can easily block, allow websites by domain name, keyword or extensions, restrict users, specify user’s network quota etc on the network using Squid.
During the early 1990s, Squid Proxy Server was used by Internet Service Providers (ISPs) to get faster download speeds and eliminate inactivity, especially while downloading substantial media and video streaming. Today, the web operators frequently used Squid as a content accelerator, caching viewed content, and effortless downloading on Web servers.
Multiple content delivery networks and media companies are utilizing Squid Proxy Server throughout their network. This way, they can focus on improving the experience of viewers requesting programming to balance the load and handle traffic spikes for famous content.
In simple terms, a Squid proxy is a web application that sits between a desktop computer and the internet and allows a client machine to make an indirect connection to network servers and services. There are several reasons why you should implement a proxy server on your network:
- To implement internet access control
- Hide the client’s IP address for anonymous surfing
- To scan outbound content
- To speed up internet surfing
- To share the internet connection and restrict internet uses
In this post, we will explain how to block websites using Squid Proxy Server
Install Squid Proxy Server
By default, the Squid package is included in the Ubuntu 20.04 default repository. You can install it with the following command:
apt-get install squid -y
Once the Squid package is installed, start the Squid service and enable it to start at system reboot:
systemctl start squid
systemctl enable squid
To verify the status of the Squid, run the following command:
systemctl status squid
You should see the following output:
● squid.service - Squid Web Proxy Server
Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-10-07 07:59:05 UTC; 30s ago
Docs: man:squid(8)
Main PID: 1275 (squid)
Tasks: 4 (limit: 2353)
Memory: 16.0M
CGroup: /system.slice/squid.service
├─1275 /usr/sbin/squid -sYC
├─1277 (squid-1) --kid squid-1 -sYC
├─1280 (logfile-daemon) /var/log/squid/access.log
└─1298 (pinger)
Oct 07 07:59:06 ubuntu2004 squid[1277]: Using Least Load store dir selection
Oct 07 07:59:06 ubuntu2004 squid[1277]: Set Current Directory to /var/spool/squid
Oct 07 07:59:06 ubuntu2004 squid[1277]: Finished loading MIME types and icons.
Oct 07 07:59:06 ubuntu2004 systemd[1]: /lib/systemd/system/squid.service:15: PIDFile= references a path below legacy directory /var/run/, upda>
Oct 07 07:59:06 ubuntu2004 squid[1277]: HTCP Disabled.
Oct 07 07:59:06 ubuntu2004 squid[1277]: Pinger socket opened on FD 14
Oct 07 07:59:06 ubuntu2004 squid[1277]: Squid plugin modules loaded: 0
Oct 07 07:59:06 ubuntu2004 squid[1277]: Adaptation support is off.
Oct 07 07:59:06 ubuntu2004 squid[1277]: Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 12 flags=9
Oct 07 07:59:07 ubuntu2004 squid[1277]: storeLateRelease: released 0 objects
To check the Squid version, run the following command:
squid -v
You should get the following output:
Squid Cache: Version 4.10
Service Name: squid
Ubuntu linux
By default, the Squid proxy listens on port 3128. You can verify it using the following command:
ss -antpl | grep squid
Sample output:
LISTEN 0 256 *:3128 *:* users:(("squid",pid=1277,fd=12))
Configure User Based Authentication
Next, you will need to configure authentication in Squid to accept connections and serve as an HTTP proxy. To do so, first install the apache2-utils package with the following command:
apt-get install apache2-utils -y
Next, create a file to store the Squid users and passwords:
touch /etc/squid/htpasswd
Next, create a new squid user with the name web1 using the following command:
htpasswd /etc/squid/htpasswd web1
Set your user’s password:
New password:
Re-type new password:
Adding password for user web1
Next, create a new squid user with the name web2 using the following command:
htpasswd /etc/squid/htpasswd web2
Set your user’s password:
New password:
Re-type new password:
Adding password for user web2
Next, verify both user’s password using the following command:
cat /etc/squid/htpasswd
You should see the encrypted password in the following output:
web1:$apr1$au9rdWGT$lu/AZ1VFZvePKZ3JphK7e1
web2:$apr1$XkHJH9p1$/OnOS1JbebBo8Wq0M5QV4/
Next, edit the Squid main configuration file to define the user authentication.
nano /etc/squid/squid.conf
Add the following lines at the beginning of the file:
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/htpasswd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
Save and close the file then restart the Squid service to apply the changes:
systemctl restart squid
Configure Squid to Anonymize Traffic
Next, you will need to edit the Squid configuration file and add some rules to mask client IP addresses from the servers that receive traffic from your Squid HTTP proxy.
You can do it by editing the Squid default configuration file:
nano /etc/squid/squid.conf
Add the following lines at the beginning of the file:
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
Save and close the file. Then, restart the Squid proxy service to apply the changes:
systemctl restart squid
Block Websites Using Squid Proxy
Squid proxy allows you to block websites based on the domain name, URL, keyword and extensions. You will need to add some rules to achieve this.
Block Domains
If you want to block specific domains for users then edit the Squid configuration file:
nano /etc/squid/squid.conf
Add the following rules at the beginning of the file:
acl block dstdomain "/etc/squid/website_block.txt"
http_access deny block
Save and close the file then create a website_block.txt file with the following command:
nano /etc/squid/website_block.txt
Add all domains that you want to block:
.facebook.com
.twitter.com
.linkedin.com
www.pornhub.com
.instagram.com
www.badwebsites.com
Save and close the file then restart the Squid service to apply the changes:
systemctl restart squid
Block URLs Using Keywords
Squid also allows you to block website URLs based on keywords. You can do it by editing the Squid configuration file:
nano /etc/squid/squid.conf
Add the following rules:
acl blockkeyword url_regex -i "/etc/squid/blockedurls.txt"
http_access deny blockkeyword
Save and close the file then create a blockedurls.txt file with the following command:
nano /etc/squid/blockedurls.txt
Add all keywords that you want to block:
sex
port
download
Save and close the file then restart the Squid service to apply the changes:
systemctl restart squid
Block File Extensions
You can also restrict the users from downloading files with specific extensions.
nano /etc/squid/squid.conf
Add the following rules:
acl blockexentions urlpath_regex -i "/etc/squid/externsions.txt"
http_access deny blockexentions
Save and close the file. Then, create a externsions.txt file:
nano /etc/squid/externsions.txt
Add all the extensions that you want to block:
.mp4
.mp3
.zip
.pdf
Save and close the file then restart the Squid service to apply the changes:
systemctl restart squid
Configuring Clients to Connect through Squid Proxy Server
At this point, your Squid proxy server is configured. Now, you will need to configure your Client computer’s browser settings to use your Squid server as an HTTP proxy.
On the client computer, open the Mozilla firefox and click on the Edit => Preferences as shown below:
Scroll down to the Network Settings section and click on the Network Settings => Settings. You should see the following page:
Select the Manual proxy configuration radio button, enter your Squid server IP address in the HTTP Host field and 3128 in the Port field, select the Use this proxy server for all protocols check box and click on the OK button to save the settings.
Now, your browser is configured to browse the Internet through the Squid proxy. To verify it, type the URL https://www.whatismyip.com/. You will be asked to provide a username and password as shown below:
Provide your Squid proxy server username and password which you have created earlier and click on the OK button. You should see the following page:
On the above page, you should see your Squid server’s IP address instead of the IP address of your client computer.
To verify the website block, open your web browser and type the URL https://facebook.com. You should see that facebook.com is blocked by the Squid proxy server.
Conclusion
In the above guide, we explained how to install the Squid proxy server on Ubuntu 20.04. We also explained how to set up user based authentication and block websites in Squid proxy. I can now implement this set up in your organization to restrict internet browsing based on users requirements.
