By Dr. Muhammad Saleem, PHD
Pakistan Center for Advanced Studies in Engineering
Squid is a popular proxy and web cache server. It is used for a variety of purposes, e.g. speeding up a web server by caching the most recently accessed pages, and security through packet filtering. It was designed to support the HTTP and FTP protocols; it now also includes support for TLS, SSL and HTTPS. Squid is available for all Unix-like operating systems as well as Windows. It is an excellent solution for anything from small offices to large enterprise networks. Remember that the PC reserved for Squid must have a large amount of physical memory, because Squid maintains an in-memory cache for higher performance. One more thing: it can threaten the privacy of clients, because it can log URLs, the date and time of access, the requester’s identification, etc.
Detailed configuration of Squid is beyond the scope of this article. Therefore, we only mention a few basic things needed to bring up the Squid proxy server. The first step is to get it installed on your Ubuntu machine, if that is not done already. Assuming that your machine is connected to the Internet, open the command terminal and enter:
Configuration of Squid
Like most Linux applications, Squid is configured through a ‘conf’ file, called ‘squid.conf’. This file is located in the ‘/etc/squid/’ directory. This configuration file contains several directives, i.e. keywords that are used to feed different information to Squid during startup. Before editing this file, we recommend that you keep a backup of it. For instance, you can simply copy it to another file using ‘cp /etc/squid/squid.conf /etc/squid/squid.conf.unmodified’. Remember that editing files in the ‘/etc/’ directory requires ‘root’ access. Let us now get to the real business. Open the file in your favorite editor and change a few lines as described below.
- Proxy servers listen for incoming connections on a specific port. To configure this port for Squid, locate the line containing ‘http_port’, uncomment it, and specify the port, e.g. ‘http_port 8080’. The IP address of the machine running Squid can also be provided on this line, e.g. ‘http_port 192.168.1.121:8080’.
- You can give your proxy server a name, which need not be the computer name itself. Here is the way to do this.
Let us now turn to an important configuration question: who is allowed to access this proxy server, and when? To allow the subnet ‘192.168.1.0’, locate the ACL section and edit or add the following lines at the BOTTOM of the section.
acl allowed_hours time MTWHF 9:00-17:00
The number after ‘/’ on the first line refers to the netmask, which in this case is 255.255.255.0 (the 24 leftmost bits are 1). For detailed information on netmasks, follow this link: (http://unixwiz.net/techtips/netmask-ref.html). The second line specifies the days and times of access. Now, to make it effective, add the following line at the TOP of the http_access section.
Instead of specifying the entire subnet address, one can also use specific IP addresses with the ‘src’ keyword. Here is an example.
http_access allow allowed_machines
http_access deny !allowed_machines
Another variation might be to allow the clients to use the service at different times. Here is an example.
acl host2 src 220.127.116.11
acl morning time 09:00-12:00
acl lunch time 12:30-13:30
http_access allow host1 morning
http_access allow host1 lunch
http_access allow host2 lunch
http_access deny all
Host1 enjoys two timings, morning and lunch. Squid can also block certain sites or sites containing a specific word. Here is an example.
http_access deny banned_sites
For a specific keyword, you can use:
acl banned_sites url_regex porn
http_access deny banned_sites
All sites containing the word ‘porn’ will be blocked. Oops!!
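The access rules above can be dry-run offline before Squid is restarted. The following is an added example, not part of the original article or of Squid itself: a small Python evaluator that applies Squid's first-match ordering to the host1/host2 rules, covering ‘src’ and ‘time’ ACLs only. The host1 address (192.0.2.10) and all function names are assumptions made for the example.

```python
import ipaddress
from datetime import datetime

DAYS = "MTWHFAS"  # Squid day letters, in datetime.weekday() order (Mon=0 .. Sun=6)

# Constructed sample: the article's host1/host2 rules. The host1 address is a
# placeholder from the documentation range, not a value from the article.
SAMPLE = """
acl host1 src 192.0.2.10
acl host2 src 220.127.116.11
acl morning time 09:00-12:00
acl lunch time 12:30-13:30
http_access allow host1 morning
http_access allow host1 lunch
http_access allow host2 lunch
http_access deny all
"""

def parse(conf):
    """Collect 'acl' and 'http_access' lines; 'all' is built in, as in Squid 3+."""
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, client_ip, when):
    kind, args = acl
    if kind == "src":  # single address or CIDR subnet such as 192.168.1.0/24
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(a, strict=False) for a in args)
    if kind == "time":  # optional day letters, then h1:m1-h2:m2
        days = args[0] if len(args) == 2 else DAYS
        lo, hi = (tuple(map(int, t.split(":"))) for t in args[-1].split("-"))
        return DAYS[when.weekday()] in days and lo <= (when.hour, when.minute) <= hi
    raise ValueError(f"unsupported acl type: {kind}")

def decide(conf, client_ip, when):
    """Return 'allow' or 'deny': the first line whose ACLs all match wins."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n.lstrip("!")], client_ip, when) != n.startswith("!")
               for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last line's action.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    print(decide(SAMPLE, "192.0.2.10", datetime(2024, 1, 8, 10, 0)))
```

Moving ‘http_access deny all’ above the allow lines makes every request come back as deny, which is why the position of each line in the http_access section matters.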
Once you are done with the access control list, save your changes and start/restart Squid using:
sudo /etc/init.d/squid restart
That’s all folks. Happy Squidding !!!!!!
Editor's Note: Dr. Muhammad Saleem has a PhD from the Center for Advanced Studies in Engineering, Islamabad, Pakistan. He spends his spare time writing as a freelance writer. He is also the author/co-author of several research publications in the area of Ad Hoc networks. You can view more about his work over at:
The article above does not reflect the opinions, observations and recommendations of Dannybuntu.com and are the sole views of the author. Always confirm information before you do something with your computer.