How to install and configure Squid Proxy on Debian 11

In this guide we will learn how to install and configure Squid Proxy server on a Debian 11 server.

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems.

Squids reverse proxy is a service that sits between the Internet and the webserver (usually within a private network) that redirects inbound client requests to a server where data is stored for easier retrieval. If the caching server (proxy) does not have the cached data, it then forwards the request on to the web server where the data is actually stored. This type of caching allows for the collection of data and reproducing the original data values stored in a different location to provide for easier access.

A reverse proxy typically provides an additional layer of control to smooth the flow of inbound network traffic between your clients and the web server.

When selecting a computer system for use as a dedicated Squid caching proxy server, many users ensure it is configured with a large amount of physical memory (RAM) as Squid maintains an in-memory cache for increased performance.

Related posts:

Prerequisites

  • An updated Debian 11 server with at least 1GB of RAM
  • Root access to the server or user with sudo access
  • Access to the internet from the server

Table of Content

  1. Ensuring that the server is up to date
  2. Installing squid proxy server
  3. Starting and enabling the squid service
  4. Configuring your web browser
  5. Configuring squid
  6. Using squid proxy Access Control List (ACL)
  7. Using Squid to cache web pages

1. Ensuring that the server is up to date

Before proceeding, let us ensure that our server has updated packages. Use this command to achieve that:

sudo apt update
sudo apt upgrade -y

2. Installing Squid proxy server

The packages providing squid proxy server are available in the default Debian repositories. Install it using this command:

sudo apt install -y squid

Confirm that the package was installed as expected

$ apt-cache policy squid
squid:
  Installed: 4.13-10
  Candidate: 4.13-10
  Version table:
 *** 4.13-10 500
        500 http://cdn-aws.deb.debian.org/debian bullseye/main amd64 Packages
        100 /var/lib/dpkg/status

3. Starting and enabling the squid service

The squid proxy server will be started by default in our Debian system. To check the status, issue this command:

$ sudo systemctl status squid
● squid.service - Squid Web Proxy Server
     Loaded: loaded (/lib/systemd/system/squid.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2022-01-10 06:36:38 UTC; 21s ago
       Docs: man:squid(8)
    Process: 18748 ExecStartPre=/usr/sbin/squid --foreground -z (code=exited, status=0/SUCCESS)
   Main PID: 18751 (squid)
      Tasks: 4 (limit: 4626)
     Memory: 15.7M
        CPU: 181ms
     CGroup: /system.slice/squid.service
             ├─18751 /usr/sbin/squid --foreground -sYC
             ├─18753 (squid-1) --kid squid-1 --foreground -sYC
             ├─18754 (logfile-daemon) /var/log/squid/access.log
             └─18755 (pinger)

Jan 10 06:36:38 debiansrv.citizix.com squid[18753]: Using Least Load store dir selection
Jan 10 06:36:38 debiansrv.citizix.com squid[18753]: Set Current Directory to /var/spool/squid
Jan 10 06:36:38 debiansrv.citizix.com squid[18753]: Finished loading MIME types and icons.
Jan 10 06:36:38 debiansrv.citizix.com squid[18753]: HTCP Disabled.
Jan 10 06:36:38 debiansrv.citizix.com squid[18753]: Pinger socket opened on FD 14
Jan 10 06:36:38 debiansrv.citizix.com squid[18753]: Squid plugin modules loaded: 0
Jan 10 06:36:38 debiansrv.citizix.com squid[18753]: Adaptation support is off.
Jan 10 06:36:38 debiansrv.citizix.com squid[18753]: Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 12 flags=9
Jan 10 06:36:38 debiansrv.citizix.com systemd[1]: Started Squid Web Proxy Server.
Jan 10 06:36:39 debiansrv.citizix.com squid[18753]: storeLateRelease: released 0 objects

We can confirm that the service is running from the above command. To ensure that the service starts on boot, use the enable command:

sudo systemctl enable squid

4. Configuration for Your Web Browser

Before you make any changes to the squid configuration file, you have to change some settings in your web browser. So, open your web browser and open “network settings”, then proceed to “proxy settings”. Click on the “manual proxy” configuration, then write the **IP_Address **of your squid proxy server in the HTTP proxy bar and port no (by default, squid proxy port is 3128). Now, the squid proxy will go through your IP_Address. You can check it by typing any URL in your web browser; it will give you an error saying access denied, and to allow the access, we have to make changes in the squid configuration file.

5. Configuring Squid

The default Squid configuration file is located in the /etc/squid/ directory, and the main configuration file is called squid.conf. This file contains the bulk of the configuration directives that can be modified to change the behaviour of Squid. The lines that begin with a #, are commented out or not read by the file. These comments are provided to explain what the related configuration settings mean.

To edit the configuration file, let’s start by taking a backup of the original file, in case we need to revert any changes if something goes wrong or use it to compare the new file configurations.

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

Now that a copy has been made as a backup file, we can make changes in the “squid.conf” file.

To open “squid.conf” file in vim, type this command:

sudo vim /etc/squid/squid.conf

Go to the line

http_access deny all

Change it to:

http_access allow all

You will have to restart the squid proxy server for the changes to apply. Use this command:

sudo systemctl restart squid

Now, check your web browser again, type any URL, and it should be working.

6. Using squid proxy ACL (Access Control List)

We can also use Squid as to control access to different websites(web traffic) by either allowing or blocking them. To do so, go to the line acl CONNECT method CONNECT.

And below this line, write the ACL (access control list) to block the websites you want.

acl block_websites dstdomain .facebook.com .youtube.com .instagram.com

Then deny the statement.

http_access deny block_websites

Save the changes, and to check whether your blocked websites are blocked or not, restart your squid service and verify the URL in your web browser.

You can also block a user from downloading specific files like audio and video files using ACL.

acl  media_files  urlpath_regex -i  \.(mp3|mp4|FLV|AVI|MKV)

It will prevent the user from downloading audio or video files with extensions like mp3, mp4, FLV, etc. Add any file extension you want to prevent from downloading. Now, below this line, write the deny statement.

http_access deny media_files

The media files will then be blocked from downloading.

7. Using Squid to Cache web pages

Proxy servers are also used for boosting the network performance by loading the web page faster by caching the website’s data. You can also change the directory location where cached data should be stored. Moreover, you can also change the cache file size and no. of directories in which data would be saved.

To make changes, open squid.conf file and go to the following line:

#cache_dir ufs /var/spool/squid 100 16 256

This line will be commented by default, so uncomment this line by removing the # sign.

In the above line, there is a phrase “100 16 256”. The 100 shows the size of the cache file, and you may change it to any size like 300. 16 shows the number of directories in which the cache file is saved. **256 **shows the no. of subdirectories.

<meta charset="utf-8">cache_dir ufs /var/spool/squid 300 20 260

You can also change the size of the cache file by adding the following line in the “squid.conf” file:

cache_mem 300 MB

If you want to change the path of the cache file directory, create new dir structure using this command:

sudo mkdir -p /path/where/you/want/to/place/file

To change the ownership of the cache directory to squid proxy, you have to execute this command:

sudo chown -R proxy:proxy /path/where/you/want/to/place/file

Now, stop the squid service using this command:

sudo systemctl stop squid

And then run the command with this command to make the missing cache directories in the new cache directory:

sudo squid -z

Now, start the squid service again using the command below:

sudo systemctl start squid

Wrapping up

We have managed to install and configure squid proxy server in this guide. Squid proxy is a very good tool that can be used in organizations or by small internet service providers to control web traffic and internet access. It boosts web browsing speed and provides security mechanisms for web traffic.

comments powered by Disqus
Built with Hugo
Theme Stack designed by Jimmy