How To Setup Your Own Free Proxy Server Using Squid Proxy


I had a few use cases for setting up my own web proxy. One such use case is API calls to a few web services to get pricing. Whenever I make an API call, it returns the value in my local currency. So I had to set up my own proxy server in my desired country (on cloud) and make those API calls through that proxy. This way I get the pricing response in the desired currency.

After some research, I have found squid proxy server to be a better fit for my needs. It is an open source forward proxy server with many functionalities. It is being used by many organizations for their forward proxy needs.

Free Proxy Server With Squid Proxy

In this blog, I will explain the step-by-step process to set up a free proxy server using Squid Proxy on the latest Ubuntu server.

Note: I have used Digital Ocean Cloud to deploy my proxy server. You can choose from many regions for your proxy setup. Also, you can get $100 free Digital Ocean credits from here.

Follow the steps given below for a working proxy server.

Step 1: Login to the server and update the package list.

sudo apt update -y

Step 2: Install Squid Proxy server.

sudo apt -y install squid

Step 3: Start and enable squid service to start on system boot.

sudo systemctl start squid
sudo systemctl enable squid

Step 4: Verify the squid service status. You should see the “active” status.

sudo systemctl status squid

Squid Proxy Port

By default, squid runs on port 3128.

You can check it using the following command.

netstat -tnlp

Now we have a working squid proxy server. The next important step is to configure the squid proxy based on your needs.

Squid proxy configuration

If you are setting up squid proxy for your production environment, you have to make sure all the proxy configurations are set as per your needs.

The core settings of squid proxy are in /etc/squid/squid.conf

Squid proxy port

By default squid proxy runs on port 3128. If you are on cloud, make sure you allow 3128 in your firewall rules.

Also, you can change the default 3128 port to a custom port by editing the following configuration in the squid.conf file.

http_port 3128

Proxying Internet Connectivity

The primary use case for most of us is to connect to the internet through a proxy server.

If you want to connect to the internet through your proxy, you need to configure ACLs (Access Control Lists) in your squid configuration.

Enable Squid ACLs for Internet Connectivity

By default, all incoming connections to the proxy server are denied. We need to enable a few configurations for the squid server to accept connections from other hosts.

Open /etc/squid/squid.conf file.

vim /etc/squid/squid.conf

Search for the entry http_access allow localnet in the file. By default, it will be commented out. Uncomment it.

The next step is to add ACLs to the squid config file /etc/squid/squid.conf. The ACL for localnet has the following format.

acl localnet src [source-ip-range]

You can whitelist the source IP ranges in the following ways.

  1. Single IP [49.205.220.161]
  2. A range of IPs [0.0.0.1-0.255.255.255]
  3. CIDR range [10.0.0.0/28]

Based on your requirements you can add the localnet acl. For example, in my use case, I had to whitelist my home network. I found my home network public address using Find My IP service and whitelisted that in the ACL as shown below.

acl localnet src 49.205.45.67

If you want to whitelist your private network's CIDR range, you can use an ACL like the following. Normally this kind of use case comes up when you set up a virtual network for your organization.

acl localnet src 10.0.0.0/8

Note: You can add your ACL in the config file below the place where the default ACLs are defined. If you search for "ACLs all", you will find the default ACL section. If you specify a private CIDR range, make sure the proxy is in the same private network.

Here is the ACL I added to my squid server.

#Default:
# ACLs all, manager, localhost, and to_localhost are predefined.
#
#
# Recommended minimum configuration:
#
acl localnet src 49.205.45.67
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
#acl localnet src fc00::/7       # RFC 4193 local private network range
#acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

Test Proxy Connectivity

To test the proxy connectivity for internet from your specified ACL source, you can use the following curl command syntax which should return a 200 OK response code.

curl -x http://[YOUR-PROXY-IP]:3128 -I http://google.com

The output would look like the following.

➜  ~ curl -x http://134.209.77.172:3128 -I http://www.google.com
HTTP/1.1 200 OK
Date: Sun, 24 Mar 2019 07:21:26 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2019-03-24-07; expires=Tue, 23-Apr-2019 07:21:26 GMT; path=/; domain=.google.com
Set-Cookie: NID=164=QUlqgO1t2-LesVjVjqd0RqBXPUh3QMutuw31xovrIC4EXZOYF5KSpvmDuIORnkm2EvinnZRzqWwG6LbhWR-lb11HpiHQZczfWPN2HuT9FZjaLO_z0ku1qk0N-IWOv2W5l4XparkWr8kusyUPw3jBHGgtoB_gECW4VqUiPvK5H98; expires=Mon, 23-Sep-2019 07:21:26 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
X-Cache: MISS from crunch-proxy
X-Cache-Lookup: MISS from crunch-proxy:3128
Via: 1.1 crunch-proxy (squid/3.5.27)
Connection: keep-alive

Setup Squid Proxy Authentication

The previous method would allow anonymous proxy usage. To prevent this, you can set up proxy authentication using a username and password.

Step 1: Install apache utils.

sudo apt install apache2-utils -y

Step 2: Create a passwd file and change the ownership to the proxy user.

sudo touch /etc/squid/passwd
sudo chown proxy /etc/squid/passwd

Step 3: Create a user named proxyuser using the following command. It will prompt for a password. Provide a secure password.

sudo htpasswd /etc/squid/passwd proxyuser

Step 4: Open the squid.conf file.

sudo vi /etc/squid/squid.conf

Step 5: Add the following content to the file.

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users

Step 6: Restart the Squid server for the changes to take effect.

sudo systemctl restart squid

Test squid proxy authentication

Test squid proxy authentication using curl. You can use the following syntax.

curl -x http://[squid-server-IP]:3128  --proxy-user proxyuser:[proxy-password]  https://www.google.com

For example,

curl -x http://134.209.77.172:3128  --proxy-user proxyuser:pa33w0rd  https://www.google.com

You will see the following error if authentication details are not passed properly.

Received HTTP code 407 from proxy after CONNECT

Blocking Websites Using Squid Proxy

Another key use case of a squid proxy is to block access to certain websites. In this section we will look into the steps to configure a website block list.

Step 1: Create a block list file named proxy-block-list.acl

sudo vi /etc/squid/proxy-block-list.acl

Step 2: Add the websites that have to be blocked to the file as shown below.

.facebook.com
.instagram.com
.twitter.com

Note: Make sure you do not have any http_access allow all rules above the block list rule. It will take precedence and the block list will not work.

Step 3: Open the squid configuration file.

sudo vi /etc/squid/squid.conf

Step 4: Add the following lines above the ACLs we have added in the previous steps.

acl bad_urls dstdomain "/etc/squid/proxy-block-list.acl"
http_access deny bad_urls

Step 5: Restart the squid server.

sudo systemctl restart squid

Test Squid Proxy Blocked Websites

Now if you try to access the websites which are in the block list, you will get a 403 error as shown below.

➜  ~ curl -x http://134.209.77.172:3128  --proxy-user proxyuser:pa33w0rd  https://instagram.com
curl: (56) Received HTTP code 403 from proxy after CONNECT
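
To see why the order of the http_access lines matters (the Note in Step 2 above, and the authentication rules added earlier), here is an added example, not part of the original post or of Squid itself, that models first-match evaluation for the ACL types used on this page. It is a simplified model: the block list is inlined rather than read from /etc/squid/proxy-block-list.acl, 203.0.113.9 is a constructed client address, and the function names are hypothetical.

```python
import ipaddress

def src_match(spec, ip):
    """src value as listed on the page: single IP, a-b range, or CIDR."""
    addr = ipaddress.ip_address(ip)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p) for p in spec.split("-"))
        return lo <= addr <= hi
    return addr in ipaddress.ip_network(spec, strict=False)

def dst_match(spec, host):
    """dstdomain value: a leading dot covers the domain and its subdomains."""
    return host == spec.lstrip(".") or (spec.startswith(".") and host.endswith(spec))

def parse(conf):
    """Return ACL definitions and http_access rules in file order."""
    acls, rules = {"all": ("all", [])}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, ip, host, authed=False):
    """First matching http_access line wins; ACL names on one line are ANDed."""
    acls, rules = parse(conf)
    for action, names in rules:
        for name in names:
            kind, vals = acls[name]
            if kind == "proxy_auth" and not authed:
                return "407"  # no credentials yet: Squid sends a challenge
            if kind == "src" and not any(src_match(v, ip) for v in vals):
                break
            if kind == "dstdomain" and not any(dst_match(v, host) for v in vals):
                break
        else:  # every ACL on this line matched
            return "allow" if action == "allow" else "403"
    # No line matched: Squid applies the opposite of the last line's action.
    return "403" if not rules or rules[-1][0] == "allow" else "allow"

# Constructed sample configs (block list inlined, not read from the .acl file).
ACLS = ("acl localnet src 49.205.45.67\nacl auth_users proxy_auth REQUIRED\n"
        "acl bad_urls dstdomain .facebook.com .instagram.com .twitter.com\n")
TAIL = "http_access deny bad_urls\nhttp_access allow auth_users\nhttp_access deny all\n"
STRICT = ACLS + TAIL
LOCALNET_FIRST = ACLS + "http_access allow localnet\n" + TAIL
```

With LOCALNET_FIRST, a request from the whitelisted address is allowed without credentials and never reaches the block list, because `http_access allow localnet` matches first. Keep the deny and authentication lines above any source-based allow if that is not what you intend.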

Using Squid Proxy

You can use squid proxy in the following ways.

For Web Browsing

You can use squid proxy endpoint as your browser proxy. Each browser has its own proxy settings. You can add the proxy IP, port and authentication details if enabled.

For Applications

If you have applications running on a private network and you want to connect to the internet for specific calls, you can use the proxy endpoint to route that outbound internet traffic.

Blocking Unwanted Website Access

Organizations use a proxy server to limit access to certain unwanted websites.

Conclusion

Squid proxy offers a variety of solutions as a forward proxy. It is one of the best free proxy server software options. Its implementation depends on your architecture and design. And, if you want to learn and manage squid proxy by yourself then check out this hands-on course.
