~ Squid Proxy Server Setup ~

1) Update Ubuntu Server

- apt update
- apt upgrade

2) Installing Squid Server

- apt show squid
- apt install squid

3) Configuring Squid Server

- cp -v /etc/squid/squid.conf{,.factory}

- Open the squid config file using vi text editor

= vim /etc/squid/squid.conf
= change squid port and listing IP address
= default port is TCP 3128
+ http_port 3269

= change accordingly
+ http_port 10.209.35.84:3269
= Define SSL and safe ports that you would like to allow
= Adapt to list your (internal) IP networks from where browsing should
be allowed
= Define your LAN acl as follows
+ acl mylan src
+ 10.209.35.84/24
= We can also define other domains that you wish to block
= if you have multiple IP addresses assigned to your server we can
chane proxy server outgoing IP address as follows:
+ tcp_outgoing_address x.x.x.x
= Set cache memory size as per your neeeds
+ cache_mem 256 MB
= Specify a list of DNS name servers to use
+ dns_nameserver 127.0.0.1

= Verify that config options are valid

= To parse and test configuration file, enter:
+ /usr/sbin/squid -k check
+ echo $?
+ /usr/sbin/squid -k parse

4) Start/Stop/Restart Squid
- First, turn on Squid service at boot time using the systemctl command:
= systemctl enable
squid.service
- The syntax is as follows:
= Start the Squid server

systemctl start
squid.service

Stop the Squid server

systemctl stop
squid.service

= OR
= squid -k shutdown
 Restart the Squid server

systemctl restart
squid.service

- Find the Squid service status

= systemctl status
squid.service
- Reload the Squid after config changes gracefully
- Whenever you make changes to the squid.conf, reload it as follows:
= squid -k reconfigure
= OR
= systemctl reload
squid.service

5) Block domains
- example (blocking twitter.com and facebook.com)
= acl socialsite dstdomain.twitter.com
= acl socialsite dstdomain.facebook.com
= http_access deny socialdiste

6) Block URLs using keywords

- Say if any url contains keyword such as "foo" or "browse.php?u=" block it
sing the url_regex acl:
= acl urlkeywordsblocks
url_regex -i
"https://1118798822.rsc.cdn77.org/etc/squid/blocked-urls-
keyword.conf"
- http_access deny urlkeywordsblocks
= Create a file named
/etc/squid/blocked-urls-keyword.conf as follows:

sudo vim /etc/squid/blocked-urls-keyword.conf

- Append the urls/keywords:
= foo
= browse.php?u=

7) Configure web browser

- In the upper right-hand corner, click on the hamburger icon to open
firefox's menu
- Click on the preferences link
- Scroll down to the Network Settings section and click on the Settings ...
button
- A new window will open
- Select the manual proxy configuration radio button.
- Enter your Squid server IP address in Port field.
- Select the Use this proxy server for all protocols checkbox.
- Click on the OK button to save the settings.
- Firefox Squid Proxy
- At this point, your Firefox is configured, and you can browse the Nternet
through the Squid proxy. To verify it, open google.com, type "what is my ip: and
you should see your Squid server IP address.
6)