If you’re a sysadmin I probably don’t have to explain much about what a proxy is. However, I’m aware that not everyone handles these concepts so easily. So, a proxy is a device in computer science that performs the role of intermediary. For example, Internet access is full of Proxys where through it is that requests are made. Fortunately, in Linux, we have the fabulous Squid Proxy.
Squid Proxy is a veteran program that allows you to have a proxy server running on your system. It is one of the most popular applications in the entire Unix ecosystem. Obviously, it’s open source, which guarantees you won’t have license problems or anything similar. In addition, there is a large community of users willing to shield knowledge to this tool.
Some of its characteristics are:
- Open Source. Squid Proxy is distributed under the GPL license. Vital to have no licensing problems and be used in virtually any project.
- It specializes in Unix systems such as Linux.
- Being a proxy cache supports HTTP, HTTPS, and FTP. Basic internet services.
- SSL compatible to increase connection security.
And many others that have given the role of being practically a standard for Linux.
1. Install Squid Proxy
In this tutorial, I will use a server with Ubuntu 18.04. But, Squid Proxy can be easily installed on many Linux distributions. So, in Ubuntu, the installation process is really simple.
:~$ sudo apt install squid
Next, start, enable and check the service status.
:~$ sudo systemctl start squid :~$ sudo systemctl enable squid :~$ sudo systemctl status squid
And that’s. So, let’s configure it.
2.- Changing the Squid Proxy port
By default, Squid uses port 3128. For security reasons it is recommended to change the port where it works. So if you can, do it.
To do it, edit the
/etc/squid/squid.conf file and change the port.
:~$ sudo nano /etc/squid/squid.conf
Then, restart the service.
:~$ sudo systemctl restart squid
3. Setting some configurations
Now let’s do some basic configurations with Squid. Remember that its use is very wide and varies according to the server requirements.
First, I don’t think you want to, but you can allow or deny all HTTP traffic. This will remove Internet access from your entire network. So let’s go.
/etc/squid/squid.conf file. Remove the # at the beginning of the line to set the desired parameter.
:~$ sudo nano /etc/quid/quid.conf
You can also define which websites you want to remove access to. Very useful in organizations and at work.
In this case, I will use two websites. You can add what you want.
acl blocksite1 dstdomain espn.com acl blocksite2 dstdomain apple.com http_access deny blocksite1 http_access deny blocksite2
However, if you have a lot of places to block. Ideally, create a blacklist and add it to the configuration file. Create a file
:~$ sudo nano /etc/squid/blocked.lst
Now, edit the configuration file and add the list.
acl blocksitelist dstdomain "/etc/squid/blocked.lst" http_access deny blocksitelist
Another way to block inappropriate sites in the organization is through keywords. Very useful if you don’t remember all the sites to restrict but you will block all those related to it.
acl blockkeyword1 url_regex gmail acl blockkeyword2 url_regex porn http_access deny blockkeyword1 http_access deny blockkeyword2
Or if you have a pretty extensive list, you can create a file and place them there. Then you add it to the configuration file. Similar to how it was done with domains.
:~$ sudo nano /etc/squid/blockedkw.lst
acl blockkeywordlist url_regex "/etc/squid/blockedkw.lst" http_access deny blockkeywordlist
Now, go to the squid configuration file and add the list.
For all these changes to take effect, it is necessary to restart the Squid service.
:~$ sudo systemctl restart squid
And that’s it.
It’s true that Squid Proxy offers a lot of possibilities. However, today I have presented some basic options but very useful at the time of configuring it. It only remains for you to continue using and enjoying this tool.
You can also read “How to Install and Use Pacaur on Arch Linux“.
Please share this post with your friends.
Estimado cuantas URL o Dominios, puede soportar el tanto el dstdomain y el url_regex.
De acuerdo a la memoria RAM, pero bastantes.