A proxy server has many use cases it could range from personal internet access to restrict organization systems/servers to access the external world or to limit external internet access for a set of servers on the cloud.In this blog we will be able to know how to setup your own free proxy server using squid proxy.
The best way to configure a proxy server is by using the Squid proxy. It is a widely used proxy server.
Squid is a Unix-based proxy server that caches Internet content closer to a requestor than its original point of origin.It is used to increase web browsing speed by caching the website’s data, controlling web traffic, security, and DNS lookups. The squid proxy server acts as an intermediate between the client (web browsers, etc.) and the internet.
NOTE: This blog is tested on Ubuntu .
In this article, we have covered the following.
- Install proxy server
- Configure the proxy server
- Configure basic proxy authentication.
Install Proxy Server: Squid Proxy
1.First Update the server
$ sudo apt update -y
2.Install Squid Proxy server.
$ sudo apt -y install squid
3. Now Start and enable squid service to start on system boot.
$ sudo systemctl start squid $ sudo systemctl enable squid
4. Finally verify the squid service status. You should be seeing the “active” status.
$ sudo systemctl status squid
Squid Proxy Port
By default, squid runs on port 3128 .You can check it using the following command.
If you are on cloud, make sure you allow 3128 in your firewall rules.Also, you can change the default 3128 port to a custom port by editing the following configuration in the squid.conf file.
$ sudo netstat -tnlp
Now we have a working squid proxy server. Next important step is to configure the squid proxy based on your needs.
Proxying Internet Connectivity
The primary use case for most of us have is to connect to the internet through a proxy server.
If you want to connect to internet through your proxy, you need to configure ACL (Access Control Lists)in your squid configuration.
Enable Squid ACL for Internet Connectivity
By default, all the incoming connection to the proxy server will be denied. We need to enable few configurations for the squid server to accept connections from other hosts.
Open /etc/squid/squid.conf file.
$ vim /etc/squid/squid.conf
Search for entry http access allow localnet in the file. By default, it will be commented out. Uncomment it.Next step is to add ACLs to the squid config file /etc/squid/squid.conf. ACL for localnet has the following format.
acl localnet src [source-ip-range]
You can whitelist the source IP ranges in the following ways.
- Single IP [220.127.116.11]
- A range of IPs [0.0.0.1-0.255.255.255]
- CIDR range [10.0.0.0/28]
Based on your requirements you can add the localnet acl.
Blocking Websites Using Squid Proxy
Another key use case of a squid proxy is to block certain websites being accessed . In this section we will look in to the steps to configure a website block list.
1: Create a block list file named
$ sudo vi /etc/squid/proxy-block-list.acl
2: Add the websites that has to blocked to the file as shown below.
.facebook.com .instagram.com .twitter.com
Note: Make sure you do not have any
http_access allow all rules above the block list rule. It will take precedence and the block list will not work.
3: Open the squid configuration file.
sudo vi /etc/squid/squid.conf
4: Add the following lines above the ACLs we have added in the previous steps.
acl bad_urls dstdomain "/etc/squid/proxy-block-list.acl" http_access deny bad_urls
5: Restart the squid server.
sudo systemctl restart squid
Test Squid Proxy Blocker Websites
Now if you try to access the websites which are in the block list, you will get a 403 error as shown below.
$curl -x http://[ip-address]:3128 -I https://instagram.com curl: (56) Received HTTP code 403 from proxy after CONNECT
You can use squid proxy in the following ways.
For Web Browsing
You can use squid proxy endpoint as your browser proxy. Each browser has its own proxy settings. You can add the proxy IP, port and authentication details if enabled.
If you have applications running on a private network and you want to connect to the internet for specific calls, you can use the proxy endpoint to route that outbound internet traffic.
Blocking Unwanted Website Access
Organizations use a proxy server to limit access to certain unwanted websites.
If you want to know more about proxy and reverse proxy you can visit to following link:
Squid proxy offers a variety of solution as a forward proxy. It is a best free proxy server software. Its implementation depends on your architecture and design.