How to Install Squid Proxy on Ubuntu 20.04 Tutorial (Step by Step)
How to Install Squid Proxy on Ubuntu 20.04. In this article we will introduce what is a Squid Proxy with its feature and illustrate the installation steps on Ubuntu 20.04. Let’s start!
What is Squid Proxy
Squid is a Unix based proxy server used for caching Internet content, which is closer to the requestor than its original point of origin. It is capable of supporting multiple web objects as well as those that can be accessed via HTTP and FTP. This process of caching frequently searched web pages, media files and other content increases the response time and eliminates bandwidth bottlenecks.
Squid Proxy server is installed on different servers and tracks objects usage across different networks. It acts as an intermediary as it only sends the client’s request to the server and keeps a copy of the requested objects. Before exiting the Squid cache, if the same client or multiple clients requests the same object, it serves it immediately to them, thereby increasing the downloading time and saving the bandwidth.
In a nutshell, Squid Proxy is a server that is available as free and open source software and can be used under the Free Software Foundation’s GNU General Public License (GPL). The Squid was originally designed to run on Unix based systems but can also run on Windows machines.
Benefits of Squid Proxy
Deploying a Squid Proxy server provides you with the following benefits:
Caching Web – It speeds up a web server by caching repeated requests so that they can be handled locally instead of heading out to the source.
Security Tool – Squid helps in increasing network security by filtering incoming traffic. This way, it restricts external clients from passing through the proxy without authorization. It also stops malicious websites from attacking any users that may have stumbled onto some malicious code.
Authentication – You can also configure Squid to define the Access Control List (ACL), which sets the permission of who can access the proxy resources.
Domain Name System (DNS) Server – It can also be used as a Doman Name System (DNS) Server that is proven to be effective in resolving hostnames with the help of DNS third party applications or through a built in internal DNS client.
Load Sharing – During traffic surges or unexpected bandwidth clogging, Squid Proxy can be used to configure or distribute loads over intercommunicating hierarchies of proxy servers. This way, the response time becomes faster and the traffic is decongested.
Corporate Censorship – Squid is a proxy server that either allows or denies access to specific websites. It configures the permissions based on the time of the workday.
In this post, we will show you how to install Squid Proxy on Ubuntu 20.04.
Install Squid Proxy on Ubuntu 20.04
Prerequisites
By default, the Squid Proxy package is included in the Ubuntu default repository. You can check it with the following command:
apt-cache policy squid
You will get the following output:
squid:
Installed: (none)
Candidate: 4.10-1ubuntu1.5
Version table:
4.10-1ubuntu1.5 500
500 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
4.10-1ubuntu1 500
500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages
Now, install the Squid Proxy package by running the following command:
apt-get install squid -y
Once the installation is completed, start the Squid service and enable it to start at system reboot:
systemctl start squid
systemctl enable squid
You can also verify the status of the Squid Proxy with the following command:
systemctl status squid
You will get the following output:
● squid.service - Squid Web Proxy Server
Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-04-22 05:59:32 UTC; 11s ago
Docs: man:squid(8)
Main PID: 1190 (squid)
Tasks: 4 (limit: 2348)
Memory: 16.0M
CGroup: /system.slice/squid.service
├─1190 /usr/sbin/squid -sYC
├─1192 (squid-1) --kid squid-1 -sYC
├─1211 (logfile-daemon) /var/log/squid/access.log
└─1217 (pinger)
Apr 22 05:59:32 ubuntu squid[1192]: Max Swap size: 0 KB
Apr 22 05:59:32 ubuntu squid[1192]: Using Least Load store dir selection
Apr 22 05:59:32 ubuntu squid[1192]: Set Current Directory to /var/spool/squid
Apr 22 05:59:32 ubuntu squid[1192]: Finished loading MIME types and icons.
Apr 22 05:59:32 ubuntu squid[1192]: HTCP Disabled.
Apr 22 05:59:32 ubuntu squid[1192]: Pinger socket opened on FD 14
Apr 22 05:59:32 ubuntu squid[1192]: Squid plugin modules loaded: 0
Apr 22 05:59:32 ubuntu squid[1192]: Adaptation support is off.
Apr 22 05:59:32 ubuntu squid[1192]: Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 12 flags=9
Apr 22 05:59:33 ubuntu squid[1192]: storeLateRelease: released 0 objects
Configure Authentication in Squid Proxy
Squid Proxy allows you to restrict the client to access the internet base on the authentication method. In this section, we will set up password based and IP based authentication.
Configure IP Based Authentication
Squid Proxy allows you to configure Squid to restrict users based on the user’s IP address. You can configure the IP based authentication by editing the Squid main configuration file:
nano /etc/squid/squid.conf
Add the following lines at the beginning of the file:
acl host1 src 172.16.0.100
acl host2 src 172.16.0.110
http_access allow host1 host2
Save and close the file when you are finished then restart the Squid service to apply the configuration changes:
systemctl restart squid
Where: 172.16.0.100 and 172.16.0.110 are the IP address of the remote hosts that can access the internet via Squid Proxy.
Configure Password Based Authentication
You can also configure Squid Proxy to restrict users based on the username and password to access the internet. First, install the Apache Utils package with the following command:
apt-get install apache2-utils -y
Next, create a user named host1 and set a password with the following command:
htpasswd /etc/squid/passwd host1
Set the password as shown below:
New password:
Re-type new password:
Adding password for user host1
Next, create a second user named host2 and set a password:
htpasswd /etc/squid/passwd host2
Set a password as shown below:
New password:
Re-type new password:
Adding password for user host2
Please edit the Squid configuration file:
nano /etc/squid/squid.conf
Add the following lines at the beginning of the file:
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
Save and close the file then restart the Squid Proxy service to apply the configuration changes:
systemctl restart squid
Configure Squid to Anonymize Traffic
Next, you will also need to edit the Squid configuration file and define some rules to mask client IP addresses:
nano /etc/squid/squid.conf
Add the following lines at the beginning of the file:
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
Save and close the file then restart the Squid Proxy service to apply the configuration changes:
systemctl restart squid
Test Squid Proxy
At this point, Squid Proxy is installed and configured with password based authentication. Now, it’s time to test the Squid Proxy server.
- Go to the remote system, open the Mozilla web browser, and click on the Edit => Preferences:
2. Scroll down the page and click on the Settings under the Network Settings:
3. Select the Manual proxy configuration, type your Squid Proxy server IP address, Squid Proxy port, select the Use this proxy server for all protocols check box and click on the OK button to save the settings.
4. Now, open another tab in your web browser and type the URL https://www.whatismyip.com/. You will be asked to authenticate your Squid Proxy server:
5. Provide your username, password, and click on the Sign in button. Once you are authenticated successfully, you should see the Whatismyipaddress page:
6. You can see the Squid Proxy server IP address on the above screen. That means all internet traffics are passed through the Proxy server.
How to Install Squid Proxy on Ubuntu 20.04 Conclusion
In this post, we explained how to install the Squid Proxy server on Ubuntu 20.04. We also explained how to configure IP and password based authentication in Squid. For more advanced configuration, visit the Squid Proxy documentation page.
