Squid is a full-featured open source web proxy cache server that can be used by networks ranging from SMEs to large enterprises to cache and proxy FTP, HTTP, DNS lookups, and other protocols. Squid can also cache and proxy SSL requests. In this guide, we will cover how to install and configure Squid proxy server on Ubuntu 18.04 / CentOS 7.
For the basics of how proxy servers work, check our guide on What are proxy servers and Types of Proxy Servers. In summary, Squid has extensive, granular access control mechanisms, and you can monitor critical parameters using Simple Network Management Protocol (SNMP).
Install Squid proxy on Ubuntu 18.04 / CentOS 7
The Squid proxy package is available from the Ubuntu repositories. It can be installed by running the command:
sudo apt-get install squid
For CentOS 7, run:
sudo yum -y install squid
After the installation of the package, you’ll need to do a basic configuration before you can use Squid Proxy server.
Configuring Squid Proxy Server
The simplest configuration of Squid is as a forward proxy server. In this case, it will receive all requests from your servers and forward them accordingly. To configure Squid, edit the directives contained in the /etc/squid/squid.conf file:
$ sudo vim /etc/squid/squid.conf
Step 1: Define ACL for your internal trusted network:
Add the ACL after the line
acl lan src 192.168.18.0/24
Then allow access based on the ACL defined above. Add the line after
http_access allow localhost manager
http_access allow lan
Step 2: Configure client header requests to match
This should be put under the section
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
request_header_access Referer deny all
request_header_access Cache-Control deny all
This strips these headers from outgoing requests. The Via and X-Forwarded-For fields indicate that a request was forwarded by a proxy. They leak the information that you are using a proxy and can expose your real IP.
To remove more headers that can expose you, instead add:
via off
forwarded_for off
request_header_access From deny all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
request_header_access Cache-Control deny all
request_header_access X-Cache deny all
request_header_access X-Cache-Lookup deny all
request_header_access Server deny all
request_header_access Link deny all
request_header_access WWW-Authenticate deny all
request_header_access Proxy-Connection deny all
request_header_access Pragma deny all
request_header_access Keep-Alive deny all
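Before restarting, the rule ordering from Step 1 and the header settings from Step 2 can be checked with a short audit script. This is an added example, not part of the original guide; the function names, finding labels and the two sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. One finding per line; no output = pass.
# Usage on a real host: audit_squid_conf /etc/squid/squid.conf
audit_squid_conf() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }                  # skip blanks and comments
    $1 == "acl" && $3 == "src" { src_acl[$2] = 1 } # e.g. acl lan src ...
    $1 == "via" && $2 == "off" { via_hidden = 1 }
    # forwarded_for off still sends "X-Forwarded-For: unknown"; delete drops it
    $1 == "forwarded_for" && $2 == "delete" { xff_hidden = 1 }
    $1 == "request_header_access" && $3 == "deny" && $4 == "all" {
        h = tolower($2)
        if (h == "via") via_hidden = 1
        if (h == "x-forwarded-for") xff_hidden = 1
    }
    $1 == "http_access" && NF == 3 {   # first match wins, so order matters
        if ($2 == "allow" && $3 == "all" && !denied_all) {
            print "OPEN_PROXY line " NR
        } else if ($2 == "deny" && $3 == "all") {
            denied_all = 1
        } else if ($2 == "allow" && ($3 in src_acl) && denied_all) {
            print "UNREACHABLE_ALLOW " $3 " line " NR
        }
    }
    END {
        if (!via_hidden) print "LEAKS_VIA"
        if (!xff_hidden) print "LEAKS_X_FORWARDED_FOR"
    }' "$@"
}

sample_misordered() {   # constructed: allow after deny all, no header rules
    cat <<'EOF'
acl lan src 192.168.18.0/24
http_access deny all
http_access allow lan
forwarded_for off
EOF
}
sample_guide() {        # constructed: follows Steps 1 and 2 of this guide
    cat <<'EOF'
acl lan src 192.168.18.0/24
http_access allow lan
http_access deny all
via off
forwarded_for off
request_header_access X-Forwarded-For deny all
EOF
}
sample_misordered | audit_squid_conf
```

The misordered sample reports an unreachable allow rule and both header leaks, while the sample that follows the guide produces no findings.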
Restart the Squid proxy service after making the change:
sudo systemctl restart squid
Also, make sure the service is enabled to start on boot.
sudo systemctl enable squid
The default service port used by Squid is 3128. If you would like to change it, modify the line:
Confirm service status
# ss -tunelp | grep 3128
tcp LISTEN 0 128 *:3128 *:* users:(("squid",pid=14580,fd=11)) ino:41513 sk:9 v6only:0 <->
Step 3: Configure Firewall Service
For a running firewall service on Ubuntu or CentOS, open the port on the firewall:
$ sudo firewall-cmd --add-service=squid --permanent
$ sudo firewall-cmd --reload
or
$ sudo ufw allow 3128/tcp
Configure Squid Client
Now that you have a proxy server ready, configure client systems to connect.
Example 1: Configure Proxy for HTTP, HTTPS & FTP
$ sudo vim /etc/profile
PROXY_URL="http://192.168.18.2:3128/"
export HTTP_PROXY=$PROXY_URL
export http_proxy=$PROXY_URL
export HTTPS_PROXY=$PROXY_URL
export https_proxy=$PROXY_URL
export FTP_PROXY=$PROXY_URL
export ftp_proxy=$PROXY_URL
For Web browser:
Firefox: Navigate to Settings > Preferences > Network Proxy > Settings > Manual proxy configuration
Use this proxy server for all protocols