Overview
The Squid caching proxy is an excellent, long-established open source project with an active mailing list. Aside from the core proxy and cache functionality, Squid is also great for managing, filtering, and analyzing HTTP and HTTPS accesses. An example of this is using a content filter to either rewrite or redirect URLs; a typical application is blocking tracking sites and objectionable content, such as porn. If you're interested in this application, you may want to review our article Basic Python Squid Redirector / Rewriter for Content Filtering / Ad blocking for an example implementation.
Install from Source
Squid can be installed on Ubuntu using apt, but we want to experiment with the configuration options and source, so we build it from its repository on GitHub.
Below we clone the Squid repo and build the latest from the version 4 branch. Note that the Squid developers are currently working on version 5.
```
$ cd /build   # this is where we build our code
$ git clone https://github.com/squid-cache/squid.git squid
Cloning into 'squid'...
$ cd squid
$ git branch -r
  origin/HEAD -> origin/master
  ...
  origin/v3.5
  origin/v4
$ git checkout v4
Branch 'v4' set up to track remote branch 'v4' from 'origin'.
Switched to a new branch 'v4'
$ ./bootstrap.sh
automake (1.15.1) : automake
autoconf (2.69) : autoconf
libtool (2.4.6) : libtool
libtool path : /usr/bin
Bootstrapping
parallel-tests: installing 'cfgaux/test-driver'
Fixing configure recursion
Autotool bootstrapping complete.
$ mkdir build; cd build
$ pwd
/build/squid/build
```
Now it's time to configure our build. Note that there are many available configuration options, and a good starting point for exploring them is configure --help.
```
$ ../configure --prefix=/opt/squid --with-default-user=squid --enable-ssl --disable-inlined \
    --disable-optimizations --enable-arp-acl --disable-wccp --disable-wccp2 --disable-htcp \
    --enable-delay-pools --enable-linux-netfilter --disable-translation --disable-auto-locale \
    --with-logdir=/opt/squid/log/squid --with-pidfile=/opt/squid/run/squid.pid
...
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands
```
Let's build the code and install it to /opt/squid, as specified above during configure.
```
$ make
$ make install   # no need for sudo since we're installing to our own /opt/squid
$ ls /opt/squid
bin  etc  libexec  sbin  share  var
```
Important Files and Folders
File/Folder | Purpose |
---|---|
etc/squid.conf | Squid configuration file |
log/squid/access.log, log/squid/cache.log | Squid log files |
Squid Runtime Configuration
Change the default configuration by editing etc/squid.conf.
Configure the devices / subnet allowed access.
```
acl localnet src 192.168.3.0/24
http_access allow localnet
```
Find the http_port tag. By default it is set to port 3128. This is the port that Squid will listen on for requests. You will also need to set this port in your browser when you configure the browser's proxy.
```
# Squid normally listens to port 3128
http_port 3128
```
Now create a squid user and give it permissions to write to various folders under /opt/squid:
```
$ sudo adduser squid
$ mkdir -p /opt/squid/log
$ sudo chown -R squid:squid /opt/squid/log   # do the same for run and var
```
Running Squid
Switch to the squid user with su and start Squid:
```
$ su squid
$ /opt/squid/sbin/squid
$ ps -e | grep squid
10486 ?        00:00:00 squid
10501 ?        00:00:00 squid
```
If you make changes to squid.conf or later reconfigure SquidGuard, you can run a reconfigure:
```
$ /opt/squid/sbin/squid -k reconfigure
```
Testing Squid
Log into a Linux host, configure use of a proxy on the command line, and perform a get. Note that below our Squid proxy is running on 192.168.3.75, and we're testing it from 192.168.3.44.
```
$ export http_proxy=192.168.3.75:3128
$ wget yahoo.com
--2019-04-01 16:29:24--  http://yahoo.com/
Connecting to 192.168.3.75:3128... connected.
Proxy request sent, awaiting response... 301 Moved Permanently
Location: https://yahoo.com/ [following]
--2019-04-01 16:29:24--  https://yahoo.com/
Saving to: ‘index.html’
...
```
You can view Squid activity by viewing access.log. If configured for native format, each line will be written as shown below. Further information on the log format can be found here.
```
1554150564.878 202 192.168.3.44 TCP_MISS/301 332 GET http://yahoo.com/ - HIER_DIRECT/98.137.246.7 text/html
```
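As an added example (not part of the original article or of the Squid project), the Python below parses native-format access.log lines like the one above and reports denied requests per client, plus any request from a client outside the localnet ACL configured earlier. Every sample line except the first is constructed, and the names `parse_line` and `review` are illustrative.

```python
import ipaddress
import re
from collections import Counter

LOCALNET = ipaddress.ip_network("192.168.3.0/24")  # the article's localnet ACL

# Native format: time elapsed client result/status bytes method URL user hierarchy/peer type
LINE = re.compile(
    r"(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>\w+)/(?P<status>\d+)\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<mime>\S+)\s*$")

def parse_line(line):
    """Parse one native-format line into a dict; return None if malformed."""
    m = LINE.match(line)
    if m is None:
        return None
    e = m.groupdict()
    e.update(ts=float(e["ts"]), elapsed=int(e["elapsed"]),
             status=int(e["status"]), size=int(e["size"]))
    return e

def review(lines):
    """Return (denied-request count per client, entries from outside LOCALNET)."""
    denied, outside = Counter(), []
    for e in filter(None, map(parse_line, lines)):
        if e["result"].endswith("DENIED"):
            denied[e["client"]] += 1
        try:
            if ipaddress.ip_address(e["client"]) not in LOCALNET:
                outside.append(e)
        except ValueError:  # client logged as a hostname: cannot match by subnet
            outside.append(e)
    return denied, outside

SAMPLE = [  # first line is from the article; the rest are constructed
    "1554150564.878 202 192.168.3.44 TCP_MISS/301 332 GET http://yahoo.com/ - HIER_DIRECT/98.137.246.7 text/html",
    "1554150601.332 95 192.168.3.44 TCP_TUNNEL/200 4512 CONNECT example.org:443 - HIER_DIRECT/198.51.100.7 -",
    "1554150610.004 0 203.0.113.9 TCP_DENIED/403 3985 GET http://example.com/ - HIER_NONE/- text/html",
    "1554150611.120 0 203.0.113.9 TCP_DENIED/403 3990 CONNECT example.net:443 - HIER_NONE/- text/html",
    "1554150612.500 12 192.168.3.44 TCP_MI",  # truncated line, skipped by the parser
]

if __name__ == "__main__":
    denied, outside = review(SAMPLE)
    print(dict(denied), [e["url"] for e in outside])
```

A burst of TCP_DENIED entries from an address outside the allowed subnet usually means the proxy port is reachable from networks it was not meant to serve.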
There are a lot of very interesting things that you can do with Squid. We plan to expand this article to show some of them (e.g., replacing header fields).