Web Proxy Debian

How to Install and Configure Squid Proxy on Debian 10 Linux

Squid is a full-featured caching proxy supporting popular network protocols like HTTP, HTTPS, FTP, and more. It can be used for improving the web server’s performance by caching repeated requests, filtering web traffic and accessing geo-restricted this tutorial, we will explain how to set up a Squid Proxy on Debian Buster. We will also show you how to configure Firefox and Google Chrome web browsers to use stalling Squid on Debian Squid package is included in the standard on Debian 10 repositories. Run the following commands as sudo user
to install Squid:sudo apt updatesudo apt install squidOnce the installation is completed, the Squid service will start that the installation was successful and Squid service is running by checking the status of the Squid service:sudo systemctl status squid● rvice – LSB: Squid HTTP Proxy version 3. x
Loaded: loaded (/etc/init. d/squid; generated)
Active: active (running) since Sat 2019-08-03 08:52:47 PDT; 3s ago…
Configuring Squid Squid can be configured by editing the /etc/squid/ configuration file. Separate configuration files can be included using the “include” configuration file includes comments describing what each configuration option making any changes, it is always a good idea to back up
the original file:sudo cp /etc/squid/{,. orginal}To modify the configuration, open the file in your text editor:sudo nano /etc/squid/ default, Squid listens on port 3128 on all network you want to change the port and set a listening interface, locate the line starting with _port and specify the interface IP address and the new port. If no interface is specified Squid will listen on all interfaces. /etc/squid/ Squid normally listens to port 3128
Running Squid on all interfaces and on the default port should be fine for most Access Control Lists (ACLs) allows you to control how the clients can access web resources. By default, Squid allows access only from the all of the clients that will use the proxy have a static IP address the simplest option is to create an ACL that will include the allowed stead of adding the IP addresses in the main configuration file we will create a new include file that will store the IP addresses:/etc/squid/allowed_ips. txt192. 168. 33. 1
# All other allowed IPs
Once done open the main configuration file and create a new ACL named allowed_ips (first highlighted line) and allow access to that ACL using the _access directive (second highlighted line):/etc/squid/…
acl allowed_ips src “/etc/squid/”
#_access allow localnet
_access allow localhost
_access allow allowed_ips
# And finally deny all other access to this proxy
_access deny allThe order of the _access rules is important. Make sure you add the line before _access deny _access directive works in a similar way as the firewall rules. Squid reads the rules from top to bottom, and when a rule matches the rules below are not processed. Whenever you make changes to the configuration file you need to restart the Squid service for the changes to take effect:sudo systemctl restart squidSquid Authentication Squid can use different back ends, including Samba, LDAP and HTTP basic auth to authenticated this example, we’ll configure Squid to use basic auth. It is a simple authentication method built into the HTTP ’ll use the openssl utility to generate the passwords and append the username:password pair to the /etc/squid/htpasswd file with the tee
command as shown below:printf “USERNAME:$(openssl passwd -crypt PASSWORD)\n” | sudo tee -a /etc/squid/htpasswd
Let’s create a user named “buster” with password “Sz$Zdg69″:printf “buster:$(openssl passwd -crypt ‘Sz$Zdg69’)\n” | sudo tee -a /etc/squid/htpasswdbuster:RrvgO7NxY86VM
The next step is to enable the HTTP basic authentication. Open the main configuration and add the following:/etc/squid/…
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/htpasswd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
_access allow authenticated
_access deny allThe first three highlighted lines are creating a new ACL named authenticated and the last highlighted line is allowing access to authenticated start the Squid service:sudo systemctl restart squidConfiguring firewall UFW users can open port 3128 by enabling the ‘Squid’ profile:sudo ufw allow ‘Squid’If you are using nftables
to filter connections to your system, open the necessary ports by issuing the following command:sudo nft add rule inet filter input tcp dport 3128 ct state new, established counter acceptIf Squid is running on another, non-default port, you’ll need to allow traffic on that nfiguring Your Browser to Use Proxy In this section well show you how to configure your browser to use Squid refox The steps below are the same for Windows, macOS, and the upper right-hand corner, click on the hamburger icon ☰ to open Firefox’s menu:Click on the ⚙ Preferences down to the Network Settings section and click on the Settings… button. A new window will the Manual proxy configuration radio your Squid server IP address in the HTTP Host field and 3128 in the Port the Use this proxy server for all protocols on the OK button to save the this point, your Firefox is configured and you can browse the Internet through the Squid proxy. To verify it, open, type “what is my ip” and you should see your Squid server IP revert back to the default settings go to Network Settings, select the Use system proxy settings radio button and save the are also several plugins that can help you to configure Firefox’s proxy settings such as FoxyProxy
Chrome Google Chrome
uses the default system proxy settings. Instead of changing your operating system proxy settings you can either use an addon such as SwitchyOmega
or start Chrome web browser from the command launch Chrome using a new profile and connect to the Squid server, use the following command:Linux:/usr/bin/google-chrome \
–user-data-dir=”$HOME/proxy-profile” \
macOS:”/Applications/Google Chrome” \
Windows:”C:\Program Files (x86)\Google\Chrome\Application\” ^

Frequently Asked Questions about web proxy debian

Leave a Reply

Your email address will not be published. Required fields are marked *