Setup Squid proxy on Debian Linux
Squid is a free & open-source full featured web proxy cache server released under GPL 3, which can be used in many other ways like a web server caching daemon to speed up websites loading, cache DNS lookups, filter the traffic and many other network protocols, right now, Squid server supports HTTP and FTP protocols, there is a limited support to other protocols like TLS and SSL, it was first released in 1996.
Installation
Squid it’s available on Debian, so we can install Version 3 with the command:
aptitude -y install squid3
This automatically install also all the requirements that we need.
Configuration
The default configuration file for squid is located under /etc/squid3/squid.conf . This file contains some configuration directives that needs to be configured to affect the behavior of the Squid.
For a simple setup, we just need to change some parameters to allow only our IP or LAN to use Squid and change the listening port.
Open this file for editing using Vi or your favorite editor and make changes as shown below.
vi /etc/squid3/squid.conf
Find the following line
#acl localnet src 10.0.0.0/8
This line create an acl (access control list) with name localnet, declaring as ip belonging to this rule all those in the LAN 10.0.0.0/8
Add your IP or LAN to localnet access list.
acl localnet src yourIP
or
acl localnet src yourIP/24
now you must add another parameter to match this change, search for the string:
http_access allow localhost
and ADD also the line
http_access allow localnet
Change standard port
For security reasons it is recommended not to use the default port when possible, so I suggest to search for this line:
http_port 3128
And change the 3128 to any other port number > 1024.
After making above changes, you may restart the Squid proxy server using the command.
sudo service squid3 restart OR sudo /etc/init.d/squid3 restart
Now to test that your proxy server is working or not, you may open Firefox and go to Menu –> Options –> Advanced –> Network –> Settings and select “Manual proxy configuration” and enter your proxy server IP address and Port to be used for all connection as it follows.
Once you fill all the required proxy details, you will be able to surf the Web using your Squid proxy server, you may do the same thing in any other browser or program you want.
To make sure that you are surfing the web using your proxy server, you may visit http://www.whatismyip.net/ .
Anonymous Browsing
By default squid forwards the client IP to the respective website, but to set up an anonymous proxy we will disable it to hide client IPs and send only IPs which are configured on the squid server. Find the following line in the file /etc/squid3/squid.conf:
forwarded_for on
Change it to:
forwarded_for off
And add at the bottom of the squid.conf file the following instructions:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_access Cookie allow all request_header_access All deny all |
All done, save the file and restart squid with the command:
sudo service squid3 restart OR /etc/init.d/squid3 restart