Squid is a Unix based web proxy application used to filter and cache web traffic and also block websites using a squid proxy. It is very useful for system administrators to keep track of network usage and restrict/allow access to certain areas of the internet.
Squid Proxy Server is considered the best solution for caching the most frequently accessed content and also gives you full control on applying restrictions on the network traffic. You can easily block, allow websites by domain name, keyword or extensions, restrict users, specify user’s network quota etc on the network using Squid.
During the early 1990s, Squid Proxy Server was used by Internet Service Providers (ISPs) to get faster download speeds and eliminate inactivity, especially while downloading substantial media and video streaming. Today, the web operators frequently used Squid as a content accelerator, caching viewed content, and effortless downloading on Web servers.
Multiple content delivery networks and media companies are utilizing Squid Proxy Server throughout their network. This way, they can focus on improving the experience of viewers requesting programming to balance the load and handle traffic spikes for famous content.
In simple terms, a Squid proxy is a web application that sits between a desktop computer and the internet and allows a client machine to make an indirect connection to network servers and services. There are several reasons why you should implement a proxy server on your network:
To implement internet access control
Hide the client’s IP address for anonymous surfing
To scan outbound content
To speed up internet surfing
To share the internet connection and restrict internet uses
In this post, we will explain how to block websites using Squid Proxy Server
Next, you will need to configure authentication in Squid to accept connections and serve as an HTTP proxy. To do so, first install the apache2-utils package with the following command:
apt-get install apache2-utils -y
Next, create a file to store the Squid users and passwords:
touch /etc/squid/htpasswd
Next, create a new squid user with the name web1 using the following command:
htpasswd /etc/squid/htpasswd web1
Set your user’s password:
New password:
Re-type new password:
Adding password for user web1
Next, create a new squid user with the name web2 using the following command:
htpasswd /etc/squid/htpasswd web2
Set your user’s password:
New password:
Re-type new password:
Adding password for user web2
Next, verify both user’s password using the following command:
cat /etc/squid/htpasswd
You should see the encrypted password in the following output:
Next, you will need to edit the Squid configuration file and add some rules to mask client IP addresses from the servers that receive traffic from your Squid HTTP proxy.
You can do it by editing the Squid default configuration file:
nano /etc/squid/squid.conf
Add the following lines at the beginning of the file:
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
Save and close the file. Then, restart the Squid proxy service to apply the changes:
Configuring Clients to Connect through Squid Proxy Server
At this point, your Squid proxy server is configured. Now, you will need to configure your Client computer’s browser settings to use your Squid server as an HTTP proxy.
On the client computer, open the Mozilla firefox and click on the Edit => Preferences as shown below:
Scroll down to the Network Settings section and click on the Network Settings => Settings. You should see the following page:
Select the Manual proxy configuration radio button, enter your Squid server IP address in the HTTP Host field and 3128 in the Port field, select the Use this proxy server for all protocols check box and click on the OK button to save the settings.
Now, your browser is configured to browse the Internet through the Squid proxy. To verify it, type the URL https://www.whatismyip.com/. You will be asked to provide a username and password as shown below:
Provide your Squid proxy server username and password which you have created earlier and click on the OK button. You should see the following page:
On the above page, you should see your Squid server’s IP address instead of the IP address of your client computer.
To verify the website block, open your web browser and type the URL https://facebook.com. You should see that facebook.com is blocked by the Squid proxy server.
In the above guide, we explained how to install the Squid proxy server on Ubuntu 20.04. We also explained how to set up user based authentication and block websites in Squid proxy. I can now implement this set up in your organization to restrict internet browsing based on users requirements.
I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.
51vote
Article Rating
Subscribe
Login and comment with
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
Login and comment with
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.