How to Install Squid Proxy on Debian 11 Tutorial (Step by Step)
How to Install Squid Proxy on Debian 11.Proxy Servers act as a gateway between clients and the Internet. It is one of the best techniques to prevent attacks from reaching out to your private networks. With the increasing cyberattacks, it has become vital to adopt a strategy that improves response time, reduces bandwidth congestion, distributes workload and secures your network.
Squid proxy is one such proxy server that makes a great server accelerator. It reuses the frequently requested web pages and accelerates the performance.
What is Squid Proxy?
Squid is a Unix based proxy server used to improve web server speed. The server helps cache the frequently requested Web pages and other content that further accelerates response time and reduce bandwidth congestion.
Installed on a separate server, it helps cache different web objects even the ones assessed via HTTP and FTP. But does not support the SOCKS protocol. The main role of the Squid proxy caching server is to track the use of web objects over the connected networks.
Squid acts as an intermediary between the client and the server to protect network security and ease the process. When a client passes a request to the server, it helps save the copy of the requested object and servers the same information if later requested by the same client or other clients. As a result, with the help of Squid, your response time improves and becomes fast.
Similarly, when the request is not passed to the web server each time on finding a similar requested object, the bandwidth remains free from sending and receiving.
Nowadays, people do a lot of streaming, downloading videos, and request for heavy media files. As a result, the server receives thousands of requests each second. If the proxy server in any way serves even 10/20 % of the common requests, the performance of your web server will make a boost.
Most media companies, content delivery networks, and ISPs use Squid Proxy Server to improve their download speed and minimize latency.
Benefits of Squid Proxy
Caches Web Object – The proxy server keeps the copy of requested web objects which help speed up the web server and ensures all requests are managed locally rather than sent each time to the original source.
Domain Name System (DNS) server – Another advantage of Squid is it can be used as a DNS server. It allows the use of in built internal DNS client or third-party DNS applications to resolve hostnames.
Improves network security – The proxy server filters all incoming traffic. As a result, any external client cannot attack the original source without passing through the proxy and authorization. Hence, by having a Squid, you can increase network security.
Load Sharing – On some days, there is a sudden burst of traffic, or you face unexpected bandwidth clogging. In such cases, Squid helps distribute loads over intercommunicating proxy servers. This also leads to faster response times.
Follow this post to learn how to install Squid Proxy on Debian 11.
Install Squid Proxy on Debian 11
By default, the Squid Proxy package is included in the Debian default repository. You can check it with the following command:
apt-cache policy squid
You will get the following output:
squid:
Installed: (none)
Candidate: 4.13-10
Version table:
4.13-10 500
500 http://debian.gtisc.gatech.edu/debian bullseye/main amd64 Packages
Install the Squid Proxy package by running the following command:
apt-get install squid -y
Once the installation is completed, start the Squid service and enable it to start at system reboot:
systemctl start squid
systemctl enable squid
You can also verify the status of the Squid Proxy with the following command:
systemctl status squid
You will get the following output:
● squid.service - Squid Web Proxy Server
Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-05-24 04:14:21 UTC; 12s ago
Docs: man:squid(8)
Process: 24961 ExecStartPre=/usr/sbin/squid --foreground -z (code=exited, status=0/SUCCESS)
Main PID: 24964 (squid)
Tasks: 4 (limit: 2341)
Memory: 15.7M
CPU: 268ms
CGroup: /system.slice/squid.service
├─24964 /usr/sbin/squid --foreground -sYC
├─24966 (squid-1) --kid squid-1 --foreground -sYC
├─24967 (logfile-daemon) /var/log/squid/access.log
└─24968 (pinger)
May 24 04:14:21 debian11 squid[24966]: Using Least Load store dir selection
May 24 04:14:21 debian11 squid[24966]: Set Current Directory to /var/spool/squid
May 24 04:14:21 debian11 squid[24966]: Finished loading MIME types and icons.
May 24 04:14:21 debian11 squid[24966]: HTCP Disabled.
May 24 04:14:21 debian11 squid[24966]: Pinger socket opened on FD 14
May 24 04:14:21 debian11 squid[24966]: Squid plugin modules loaded: 0
May 24 04:14:21 debian11 squid[24966]: Adaptation support is off.
May 24 04:14:21 debian11 squid[24966]: Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 12 flags=9
May 24 04:14:21 debian11 systemd[1]: Started Squid Web Proxy Server.
May 24 04:14:22 debian11 squid[24966]: storeLateRelease: released 0 objects
Configure IP Based Authentication in Squid Proxy
Squid Proxy allows you to configure Squid to restrict users based on the user’s IP address. You can configure the IP based authentication by editing the Squid main configuration file:
nano /etc/squid/squid.conf
Add the following lines at the beginning of the file:
acl host1 src 172.16.100.11
acl host2 src 172.16.100.12
http_access allow pc1 pc2
Save and close the file when you are finished then restart the Squid service to apply the configuration changes:
systemctl restart squid
Where: 172.16.100.11 and 172.16.100.12 are the IP address of the remote hosts that can access the internet via Squid Proxy.
Configure Password Based Authentication in Squid
You can also configure Squid Proxy to restrict users based on the username and password to access the internet. First, install the Apache Utils package with the following command:
apt-get install apache2-utils -y
Next, create a user named pc1 and set a password with the following command:
htpasswd -c /etc/squid/passwd pc1
Set the password as shown below:
New password:
Re-type new password:
Adding password for user pc1
Please create a second user named pc2 and set a password:
htpasswd -c /etc/squid/passwd pc2
Set a password as shown below:
New password:
Re-type new password:
Adding password for user pc2
Next, edit the Squid configuration file:
nano /etc/squid/squid.conf
Remove the first three lines which you have added in the previous step and add the following lines:
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
Save and close the file then restart the Squid Proxy service to apply the configuration changes:
systemctl restart squid
Configure Squid to Anonymize Traffic
Next, you will also need to edit the Squid configuration file and define some rules to mask client IP addresses:
nano /etc/squid/squid.conf
Add the following lines at the beginning of the file:
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
Save and close the file then restart the Squid Proxy service to apply the configuration changes:
systemctl restart squid
Test Squid Proxy
At this point, Squid Proxy is installed and configured with password based authentication. Now, it’s time to test the Squid Proxy server.
1. Go to the remote system, open the Mozilla web browser, and click on the Edit => Preferences:
2. Scroll down the page and click on the Settings under the Network Settings:
3. Select the Manual proxy configuration, type your Squid Proxy server IP address, Squid Proxy port, select the Use this proxy server for all protocols check box and click on the OK button to save the settings.
4. Now, open another tab in your web browser and type the URL https://www.whatismyip.com/. You will be asked to authenticate your Squid Proxy server:
5. Provide your username, password, and click on the Sign in button. Once you are authenticated successfully, you should see the Whatismyipaddress page:
Great effort! We have learned how to Install Squid Proxy on Debian 11 .
How to Install Squid Proxy on Debian 11 Conclusion
Squid is a web proxy cache which provides proxy and cache services for FTP, HTTP , SSL requests and DNS lookups. It does transparent caching to reduce bandwidth and improve response time by caching and reusing frequently requested web pages.
In this post, we explained how to install the Squid Proxy server on Debian 11. We also explained how to configure IP and password based authentication in Squid. For more advanced configuration, visit the Squid Proxy documentation page.
