I had a few use cases for setting up my own web proxy. One such use case is making API calls to a few web services to get pricing. Whenever I make an API call, it returns the value in my local currency. So I had to set up my own proxy server in my desired country (on the cloud) and make those API calls through that proxy. This way I get the pricing response in the desired currency.
After some research, I have found
Free Proxy Server With Squid Proxy
In this blog, I will explain the step by step process to set up a free proxy server using Squid Proxy on the latest Ubuntu server.
- Free Proxy Server With Squid Proxy
- Squid proxy configuration
- Squid proxy port
- Proxying Internet Connectivity
- Setup Squid Proxy Authentication
- Blocking Websites Using Squid Proxy
- Using Squid Proxy
Follow the steps given below for a working proxy server.
Step 1: Login to the server and update the package list.
sudo apt update -y
Step 2: Install Squid Proxy server.
sudo apt -y install squid
Step 3: Start and enable squid service to start on system boot.
sudo systemctl start squid
sudo systemctl enable squid
Step 4: Verify the squid service status. You should see the “active” status.
sudo systemctl status squid
Squid Proxy Port
By default, squid runs on port 3128.
You can check it using the following command.
Now we have a working squid proxy server. The next important step is to configure the squid proxy based on your needs.
Squid proxy configuration
If you are setting up squid proxy for your production environment, you have to make sure all the proxy configurations are set as per your needs.
The core settings of squid proxy are in the /etc/squid/squid.conf file.
Squid proxy port
By default, squid proxy runs on port 3128. If you are on the cloud, make sure you allow 3128 in your firewall rules.
Also, you can change the default 3128 port to a custom port by editing the following configuration in the
Proxying Internet Connectivity
The primary use case most of us have is to connect to the internet through a proxy server.
If you want to connect to the internet through your proxy, you need to configure ACLs (Access Control Lists) in your squid configuration.
Enable Squid ACLs for Internet Connectivity
By default, all incoming connections to the proxy server are denied. We need to enable a few configurations for the squid server to accept connections from other hosts.
Search for the entry http_access allow localnet in the file. By default, it will be commented out. Uncomment it.
The next step is to add ACLs to the squid config.
acl localnet src [source-ip-range]
You can whitelist the source IP ranges in the following ways.
- Single IP [220.127.116.11]
- A range of IPs [0.0.0.1-0.255.255.255]
- CIDR range [10.0.0.0/28]
Based on your requirements you can add the localnet acl. For example, in my use case, I had to whitelist my home network. I found my home network public address using Find My IP service and whitelisted that in the ACL as shown below.
acl localnet src 18.104.22.168
If you want to whitelist your private network's CIDR range, you can have an ACL like the following. Normally this kind of use case comes up when you set up a virtual network for your organization.
acl localnet src 10.0.0.0/8
Note: You can add your ACL in the config file under the section where the default ACLs are present. If you search for "ACLs all", you will find the default ACL section. If you specify a private CIDR range, make sure the proxy is in the same private network.
Here is the ACL I added to my squid server.
#Default:
# ACLs all, manager, localhost, and to_localhost are predefined.
#
#
# Recommended minimum configuration:
#
acl localnet src 22.214.171.124
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
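The following is an added example, not part of the original post: it parses the three src forms listed above (single IP, range, CIDR) from a config and reports which clients the localnet ACL admits and how many non-private addresses it whitelists. The sample configs, addresses and function names are constructed for illustration.

```python
# Added example (not from the original post): what does "acl localnet src" let in?
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_src(value):
    """One src value (single IP, first-last range, or CIDR) -> list of networks."""
    if "-" in value:
        first, last = (ipaddress.ip_address(p) for p in value.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(value, strict=False)]

def localnet_sources(conf_text, acl_name="localnet"):
    """Collect every active (uncommented) 'acl <name> src ...' entry."""
    nets = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields[:3] == ["acl", acl_name, "src"]:
            for value in fields[3:]:
                nets.extend(parse_src(value))
    return nets

def is_allowed(conf_text, client_ip):
    """True if the client address falls inside any whitelisted source."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in localnet_sources(conf_text))

def public_addresses_allowed(conf_text):
    """Number of whitelisted addresses outside the RFC 1918 private ranges."""
    return sum(net.num_addresses for net in localnet_sources(conf_text)
               if not (net.version == 4 and any(net.subnet_of(r) for r in RFC1918)))

# Constructed sample configs (documentation addresses, not real hosts).
SAMPLE = """
acl localnet src 198.51.100.7                   # single IP
acl localnet src 198.51.100.10-198.51.100.13    # range
acl localnet src 10.0.0.0/28                    # CIDR
#acl localnet src 192.168.0.0/16                # commented out, ignored
"""
OPEN = "acl localnet src 0.0.0.0/0"             # whitelists every IPv4 client

if __name__ == "__main__":
    print(is_allowed(SAMPLE, "198.51.100.12"), public_addresses_allowed(SAMPLE))
    print(public_addresses_allowed(OPEN))
```

A large count from public_addresses_allowed means the proxy accepts requests from hosts you do not control, so keep the ACL to the exact addresses you need.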
Test Proxy Connectivity
To test the proxy connectivity for internet from your specified ACL source, you can use the following curl command syntax, which should return a 200 OK response code.
curl -x http://[YOUR-PROXY-IP]:3128 -I http://google.com
The output would look like the following.
➜ ~ curl -x http://126.96.36.199:3128 -I http://www.google.com
HTTP/1.1 200 OK
Date: Sun, 24 Mar 2019 07:21:26 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2019-03-24-07; expires=Tue, 23-Apr-2019 07:21:26 GMT; path=/; domain=.google.com
Set-Cookie: NID=164=QUlqgO1t2-LesVjVjqd0RqBXPUh3QMutuw31xovrIC4EXZOYF5KSpvmDuIORnkm2EvinnZRzqWwG6LbhWR-lb11HpiHQZczfWPN2HuT9FZjaLO_z0ku1qk0N-IWOv2W5l4XparkWr8kusyUPw3jBHGgtoB_gECW4VqUiPvK5H98; expires=Mon, 23-Sep-2019 07:21:26 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
X-Cache: MISS from crunch-proxy
X-Cache-Lookup: MISS from crunch-proxy:3128
Via: 1.1 crunch-proxy (squid/3.5.27)
Connection: keep-alive
Setup Squid Proxy Authentication
The previous method would allow anonymous proxy usage. To prevent this, you can set up proxy authentication using a username and password.
Step 1: Install apache utils.
sudo apt install apache2-utils -y
Step 2: Create a passwd file and change the ownership to the proxy user.
sudo touch /etc/squid/passwd
sudo chown proxy /etc/squid/passwd
Step 3: Create a user named proxyuser using the following command. It will prompt for a password. Provide a secure password.
sudo htpasswd /etc/squid/passwd proxyuser
Step 4: Open the squid configuration file.
sudo vi /etc/squid/squid.conf
Step 5: Add the following content to the file.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
Step 6: Restart the Squid server for the changes to take effect.
sudo systemctl restart squid
Test squid proxy authentication
Test squid proxy authentication using curl. You can use the following syntax.
curl -x http://[squid-server-IP]:3128 --proxy-user proxyuser:[proxy-password] https://www.google.com
curl -x http://188.8.131.52:3128 --proxy-user proxyuser:pa33w0rd https://www.google.com
You will see the following error if authentication details are not passed properly.
Received HTTP code 407 from proxy after CONNECT
Blocking Websites Using Squid Proxy
Another key use case of a squid proxy is to block access to certain websites. In this section we will look into the steps to configure a website block list.
Step 1: Create a block list file named proxy-block-list.acl.
sudo vi /etc/squid/proxy-block-list.acl
Step 2: Add the websites that have to be blocked to the file as shown below.
.facebook.com
.instagram.com
.twitter.com
Note: Make sure you do not have any http_access allow all rules above the block list rule. They will take precedence and the block list will not work.
Step 3: Open the squid configuration file.
sudo vi /etc/squid/squid.conf
Step 4: Add the following lines above the ACLs we have added in the previous steps.
acl bad_urls dstdomain "/etc/squid/proxy-block-list.acl"
http_access deny bad_urls
Step 5: Restart the squid server.
sudo systemctl restart squid
Test Squid Proxy Blocker Websites
Now if you try to access the websites which are in the block list, you will get a 403 response from the proxy.
➜ ~ curl -x http://184.108.40.206:3128 --proxy-user proxyuser:pa33w0rd https://instagram.com
curl: (56) Received HTTP code 403 from proxy after CONNECT
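The note about rule precedence applies to every http_access line, including the allow localnet and allow auth_users rules from the earlier sections. The following added example (not part of the original post) models Squid's first-match evaluation to show how rule order changes the outcome. The two config fragments and test cases are constructed, and the STRICT ordering is one possible arrangement assumed here, not the author's configuration.

```python
# Added example (not from the original post): first-match http_access evaluation.
# A request is the set of ACL names it matches; "deny" also stands for a 407 challenge.

def parse_rules(conf_text):
    """Return [(action, [acl, ...]), ...] in file order, comments ignored."""
    rules = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "http_access":
            rules.append((fields[1], fields[2:]))
    return rules

def decide(rules, matched):
    """Squid stops at the first line whose ACLs all match (AND within a line)."""
    matched = set(matched) | {"all"}
    for action, acls in rules:
        if all((a[1:] not in matched) if a.startswith("!") else (a in matched)
               for a in acls):
            return action
    # No line matched: opposite of the last line (deny if there are none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

# Constructed fragments. WEAK shows the ordering problems; STRICT is one
# possible fix (an assumption, not the configuration from the post).
WEAK = """
http_access allow localnet
http_access allow auth_users
http_access deny bad_urls
http_access deny all
"""
STRICT = """
http_access deny bad_urls
http_access allow localnet auth_users
http_access deny all
"""
CASES = {
    "whitelisted IP, no password": {"localnet"},
    "password only, unknown IP": {"auth_users"},
    "whitelisted IP + password": {"localnet", "auth_users"},
    "whitelisted IP + password, blocked site": {"localnet", "auth_users", "bad_urls"},
}

def audit(conf_text):
    rules = parse_rules(conf_text)
    return {name: decide(rules, acls) for name, acls in CASES.items()}

if __name__ == "__main__":
    for label, conf in (("WEAK", WEAK), ("STRICT", STRICT)):
        print(label, audit(conf))
```

With the WEAK ordering every case is allowed, so a whitelisted IP never needs a password and the block list is never reached; with STRICT only the whitelisted, authenticated client reaching an unblocked site gets through.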
Using Squid Proxy
You can use squid proxy in the following ways.
For Web Browsing
You can use squid proxy endpoint as your browser proxy. Each browser has its own proxy settings. You can add the proxy IP, port and authentication details if enabled.
If you have applications running on a private network and you want to connect to the internet for specific calls, you can use the proxy endpoint to route that outbound internet traffic.
Blocking Unwanted Website Access
Organizations use a proxy server to limit access to certain unwanted websites.
Squid proxy offers a variety of solutions as a forward proxy. It is one of the best free proxy server software options, and its implementation depends on your architecture and design. If you want to learn to manage squid proxy yourself, check out this hands-on course.