Mind Chasers Inc.
Mind Chasers Inc.

Build Squid 4 on Ubuntu 18.04 Linux from Source

Squid is a proxy and caching server. Also, it works with content filters to implement black lists that are used to block requests to undesirable web sites.

Overview

The Squid caching proxy is an excellent, long established open source project with an active mail list. Aside from the core proxy and cache functionality, Squid is also great for managing, filtering, & analyzing HTTP and HTTPS accesses. An example of this is using a content filter to either rewrite or redirect URLs, and a typical application for this is blocking tracking sites and objectionable content, such as porn. If you're interested in this application, you may want to review our article Basic Python Squid Redirector / Rewriter for Content Filtering / Ad blocking for an example implementation.

Install from Source

Squid can be installed on Ubuntu using apt, but we want to experiment with the configuration options and source, so we build it from its repository on Github

Below we clone the Squid repo and build the latest from the version 4 branch. Note that the Squid developers are currently working on version 5.

$ cd /build  # this is where we build our code
$ git clone https://github.com/squid-cache/squid.git squid
Cloning into 'squid'...

$ cd squid
$ git branch -r
  origin/HEAD -> origin/master
  ...
  origin/v3.5
  origin/v4

$ git checkout v4
Branch 'v4' set up to track remote branch 'v4' from 'origin'.
Switched to a new branch 'v4'

$./bootstrap.sh
automake (1.15.1) : automake
autoconf (2.69) : autoconf
libtool  (2.4.6) : libtool
libtool path : /usr/bin
Bootstrapping 
parallel-tests: installing 'cfgaux/test-driver'
Fixing configure recursion
Autotool bootstrapping complete.

$ mkdir build; cd build
$ pwd
/build/squid/build

Now it's time to configure our build. Note that there are many available configuration options, and a good starting point to exploring them is configure --help.

$ ../configure --prefix=/opt/squid --with-default-user=squid --enable-ssl --disable-inlined \
--disable-optimizations --enable-arp-acl --disable-wccp --disable-wccp2 --disable-htcp \
--enable-delay-pools --enable-linux-netfilter --disable-translation --disable-auto-locale \
--with-logdir=/opt/squid/log/squid --with-pidfile=/opt/squid/run/squid.pid

...
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands

Let's build the code and install it to /opt/squid as specified above during configure

$ make

$ make install   # no need for sudo since we're installing to our own /opt/squid

$ ls /opt/squid
bin  etc  libexec  sbin  share  var

Important Files and Folders

File/Folder Purpose
etc/squid.conf Squid configuration file
log/squid/access.log, log/squid/cache.log Squid log files

Squid Runtime Configuration

Change the default configuration by editing etc/squid.conf.

Configure the devices / subnet allowed access.

acl localnet src 192.168.3.0/24

http_access allow localnet

Find the http_port tag. By default it is set to port 3128. This is the port that Squid will listen to for requests. You will also need to set this port in your browser when you configure the browser's proxy.

# Squid normally listens to port 3128
http_port 3128

Now create a squid user and give it permissions to write to various folders under /opt/squid:

$ sudo adduser squid

$ mkdir -p /opt/squid/log
$ sudo chown -R squid:squid /opt/squid/log  # do the same for run and var

Running Squid

su as squid and start squid:

$ su squid
$ /opt/squid/sbin/squid
	
$ ps -e | grep squid
10486 ?        00:00:00 squid
10501 ?        00:00:00 squid

If you make changes to squid.conf or later reconfigure SquidGuard, you can run a reconfigure:

$ /opt/squid/sbin/squid -k reconfigure

Testing Squid

Log into a Linux host, configure use of a proxy on the command line, and perform a get. Note that below our Squid proxy is running on 192.168.3.75, and we're testing it from 192.168.3.44.

$ export http_proxy=192.168.3.75:3128

$ wget yahoo.com
--2019-04-01 16:29:24--  http://yahoo.com/
Connecting to 192.168.3.75:3128... connected.
Proxy request sent, awaiting response... 301 Moved Permanently
Location: https://yahoo.com/ [following]
--2019-04-01 16:29:24--  https://yahoo.com/
Saving to: ‘index.html’
...

You can view Squid activity by viewing access.log. If configured for native format, each line will be written as shown below. Further information on the log format can be found here.

1554150564.878    202 192.168.3.44 TCP_MISS/301 332 GET http://yahoo.com/ - HIER_DIRECT/98.137.246.7 text/html

There are a lot of very interesting things that you can do with Squid. We plan to expand this article to show some of them (e..g, replacing header fields).

References

Didn't find an answer to your question? Post your issue below or in our new FORUM, and we'll try our best to help you find a solution.

And please note that we update our site daily with new content related to our open source approach to network security and system design. If you would like to be notified about these changes, then please follow us on Twitter and join our mailing list.

Related articles on this site:

share
subscribe to mailing list:

Please help us improve this article by adding your comment or question:

your email address will be kept private
authenticate with a 3rd party for enhanced features, such as image upload
previous month
next month
Su
Mo
Tu
Wd
Th
Fr
Sa
loading