How To Configure Squid Proxy Server On Ubuntu 20.04 LTS - LinuxWays

21/09/2021 13:00 How to configure Squid Proxy Server on Ubuntu 20.
04 LTS – LinuxWays
UBUNTU
Chercher 
Comment configurer le serveur proxy Squid sur

Ubuntu 20.04 LTS
 10 novembre 2020  Ummara Mushtaq Messages récents
Top 5 des
logiciels gratuits
de diagramme de
Gantt
Top 4 des
logiciels RH
gratuits et open
source
Top 8 des
Dans notre article précédent Comment installer le serveur proxy Squid sur Linux , nous vous systèmes de
avons fourni l'introduction de base du serveur Squid et son installation dans le système Linux. gestion de
Dans cet article, nous allons suivre pour configurer le serveur proxy Squid. Nous aborderons les documents
sujets suivants : gratuits et open source
1. Configurer Squid pour écouter sur un autre port Comment

2. Configuration du nom d'hôte pour le serveur proxy Squid configurer une
3. Définition de la taille de la mémoire cache Squid connexion SSH
4. Spécification des serveurs de noms DNS à utiliser sans mot de
5. Refuser l'accès à certains sites Web sur le serveur proxy Squid passe à l'aide de ssh-keygen
6. Configuration de l'authentification client Squid Proxy ?
7. Configuration des clients pour se connecter via le serveur proxy Squid
Comment
Remarque : les commandes et procédures décrites dans cet article ont été testées sur Ubuntu chiffrer le
20.04 LTS (Focal Fossa). Les mêmes commandes et procédures sont également valables pour la serveur Web
distribution Debian. Apache avec le
certificat SSL Let's Encrypt
sur Rocky Linux 8
Conditions préalables
Machine avec Ubuntu ou Debian installé
Utilisateur Sudo
Commentaires récents
Configuration du serveur proxy Squid sur Linux Jaime sur Comment installer
Microsoft Teams sur Ubuntu
Le fichier de configuration du serveur proxy Squid se trouve dans /etc/squid/squid.conf .list. 20.04 LTS
Ce fichier contient des directives par lesquelles le serveur proxy Squid est configuré.
Ummara sur Comment
changer le type de police, la
Configurer Squid pour écouter sur un autre port taille et la couleur du
Par défaut, le serveur proxy Squid écoute sur le port 3128 le trafic provenant des machines terminal Ubuntu 20.04 LTS
clientes. Cependant, vous pouvez le configurer pour écouter sur un port différent du port par
Samreena Aslam sur
défaut à l'aide de la directive http_port .
Comment changer le type de
police, la taille et la couleur
Modifiez la configuration de calmar à l'aide de la commande ci-dessous :
du terminal Ubuntu 20.04
LTS
https://linuxways.net/ubuntu/how-to-configure-squid-proxy-server-on-ubuntu-20-04-lts/ 1/21
21/09/2021 13:00 How to configure Squid Proxy Server on Ubuntu 20.04 LTS – LinuxWays
Mazyar sur Comment

$ sudo nano /etc/squid/squid.conf changer le type de police, la
taille et la couleur du
terminal Ubuntu 20.04 LTS
Trouvez maintenant l'entrée ci-dessous dans le fichier de configuration.
ummara sur Comment
changer l'arrière-plan dans
Remarque : vous pouvez utiliser Ctrl+W pour rechercher n'importe quelle ligne. Appuyez sur
Zoom
Ctrl+W, tapez des mots-clés et appuyez sur Entrée.
http_port 3128
Remplacez maintenant 3128 par le numéro de port que vous souhaitez que le serveur proxy
Squid écoute, disons 3155 :
http_port 3155
Maintenant, redémarrez le service du serveur proxy squid pour que les modifications prennent
effet :
$ sudo service squid redémarrage
Configuration du nom d'hôte pour le serveur proxy

Squid
Vous pouvez configurer le nom d'hôte du serveur proxy Squid s'il ne peut pas déterminer lui-
même le nom d'hôte de la machine. Pour configurer le nom d'hôte, vous pouvez utiliser la
directive visible_hostname . Ce nom est utilisé par Squid dans les messages d'erreur, les URL
internes, les listes de répertoires FTP, etc.
Modifiez la configuration de calmar à l'aide de la commande ci-dessous :
$ sudo nano /etc/squid/squid.conf
Ajoutez maintenant l'entrée suivante dans le fichier de configuration en remplaçant

<host_name> par tout nom que vous souhaitez définir comme nom d'hôte pour le serveur
proxy Squid. Il n'est pas nécessaire d'utiliser le nom d'hôte réel de votre système.
visible_hostname <host_name>
Par exemple, pour définir « linuxways » comme nom d'hôte du serveur proxy Squid, l'entrée
serait :
visible_hostname linux?ways
Once you are done with the configurations, save and exit the configuration file.
Now, restart the Squid proxy service for the configuration changes to take effect.
$ sudo service squid restart
In case the Squid client receive any error page, he will see the hostname listed at the bottom of
the webpage.
Setting Squid cache memory size

Squid caches the frequently visited content in memory. The default size of Squid cache memory
is 256 MB. To change the size of the Squid cache memory, cache_mem directive is used.
Edit the configuration file using the below command:
Then search for the following entry in the configuration file and replace 256 by the amount to
set for the cache memory size.
cache_mem 256 MB
For instance, to set the cache size to 512 MB, the entry would be changed to:
cache_mem 512 MB
Once you are done with the configurations, save and exit the configuration file.
Now, restart the squid service to apply the changes:
Specifying DNS name-servers to use

By default, Squid uses /etc/resolv.conf to resolve domain names. If you want the Squid to use a
different name server, you can do so using the dns_nameservers directive. Edit the squid
configuration using the below command:
Now add the below entry in the configuration file replacing:
dns_nameservers <IP address of DNS server>
For instance, to set 8.8.4.4 as name servers, the entry would be:
dns_nameservers 8.8.8.8 8.8.4.4
Once you are done with the configurations, save and exit the file.
Now, restart the squid service to apply the changes:
Controlling access to the proxy server

How Squid ACL works

For access control, ACLs are used in combination with access control directive. ACL alone is of
no use, they only help to identify user requests based on various rules. In order to allow or deny
access, they are combined with the http_access directive.
To define ACL, the syntax is:
acl NAME TYPE value
Example: Allow LAN traffic through Squid proxy server
To match traffic coming from LAN 192.168.5.0/24, we will need to create an ACL rule in the
Squid configuration file:
acl myacl src 192.168.5.0/24
Once the ACL is defined, you can use the http_access directive to allow/deny access. Here is
the syntax for the http_access directive:
http_access allow|deny NAME
Where NAME identifies the traffic which you want to allow/deny access.
To allow the traffic identified in the ACL, you will need to add the following http_access
directive in the Squid configuration file:
http_access allow myacl
Configuring proxy Sources to Access the internet

First, we will configure the sources which we want to allow access to the internet through the
proxy server. For instance, you might want to allow access to the proxy server only from the
internal network.
1. To configure the allowed sources, edit the squid configuration file:
2. Now, search for the entry acl localnet src.
Note: To search for an entry in the Nano editor, Press Ctrl+w, and type the expression you want
to search. In the case of the above example, press Ctr+w and type acl localnet src as shown in
the following screenshot.
3. Here, you will see the number of entries for different IP address ranges. Here, add an entry
for your network as follows:
acl localnet src subnet_ID/subnet_mask
For instance, your local network runs on the 192.168.72.0/24 subnet. In this case, the entry
would be:
acl localnet src 192.168.72.0/255.255.255.0
4. Now using the http_access directive, allow the sources identified by the acl named localnet
defined above. The http_access directive is already defined in the configured, you only need to
find and uncomment it.
Search for the entry #http_access allow localnet and then uncomment it by removing the #
character.
http_access allow localnet
Now save and exit the squid configuration file.
3. Now, restart the squid service using the below command:
Denying access to certain websites in Squid

proxy server
To deny access to some websites in the Squid proxy server, create a file and list all the websites
that you want to deny access to.
$ sudo nano /etc/squid/deniedsites.acl
Now list the sites you want to deny access to and then save and exit the file.
.msn.com
.yahoo.com
.bbc.com
Then edit the squid configuration file using the below command:
Now create an ACL rule for the denied websites and mention the file containing the list of
denied websites.
acl denied_sites dstdomain “/etc/squid/deniedsites.acl”
The ACL rule denied_sites will match all requests destined for the websites listed in the
“/etc/squid/deniedsites.acl” file.
Now you will need to add the http_access directive to deny the websites identified by the
above ACL rule named denied_sites. Add the below line in the Squid configuration file:
http_access deny denied_sites
Once you are done with the configurations, save and exit the file.
Now, restart the squid service using the below command:
Configuring Squid Proxy client Authentication

With the Squid proxy server, we can add basic user-based authentication for some security. To
do so, we will use the htpasswd program that comes with the Apache HTTP server. Then we
will create a file that will contain usernames and passwords for authentication.
1. First, we will have to install Apache2-utils. Use the following command to do so:
$ apt install -y apache2-utils
2. Now create passwd file in /etc/squid directory to store passwords:
$ touch /etc/squid/passwd
3. Use the below command to set the ownership to user “proxy”:
$ chown proxy: /etc/squid/passwd
4. Now add a user in the /etc/squid/passwd file:
htpasswd /etc/squid/passwd tin
Type a password and then confirm by re-entering it. Now the user and its encrypted password
will be saved to the /etc/squid/passwd file.
5. Edit the /etc/squid/squid.conf file using the below command:
Now add below lines in the file:
auth_param basic program /usr/lib64/squid/basic_ncsa_auth

/etc/squid/passwdauth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
Once you are done with the configurations, save and exit the
configuration file.
Configuring clients to connect through Squid

proxy server
In this section, we will configure clients to connect through the Squid proxy server.
1. Open a web browser in your system. Here we will use the Firefox browser.
2. Go to upper right corner of your browser and click three horizontal bar icon. Then click
Options.
3. Then in the search bar, type network. When the search result appears, click Settings as can
be seen in the below screenshot.
4. Select the Manual proxy configuration option button. Then type the IP address of the Squid
proxy server in the HTTP Proxy field and port number in the Port field. Also, check the Also use
this proxy for FTP and HTTPS checkbox. Then click OK.
Now in order to check if the Squid server is working, try accessing any website in your browser.
You will see an authentication dialog. Enter the squid username and password that you have
created before and click OK.
Now you should be able to access the requested website.
Now try accessing another website that you have blocked using the access list. The browser will
show the following page saying ‘The proxy server is refusing connections”.
That is all there is to it! In this article, you have learned how to configure Squid proxy server on
a Linux system. We have just discussed the basic configurations. There is a lot more you can do
with Squid proxy server. Visit official documentation for more information.
Ummara Mushtaq
Ummara Mushtaq is a Telecommunication engineer with two years of experience in
server support and networking. She writes technical articles based on Linux system
administration for LinuxWays.
← How to host an application in XAMPP webserver on Linux Mint 20
How to use Ping command in Linux →
Similar Posts
UBUNTU UBUNTU UBUNTU
Comment installer Comment signer Comment installer

Bitwarden sur Ubuntu numériquement un Android File Transfer
20.04 document PDF pour Linux sur Ubuntu
 7 septembre 2021  Karim  28 octobre 2020  Ayesha  22 avril 2021  Karim
Bouzdar Sajid Bouzdar
© 2021 Linux Hint LLC Linux Hint | Confidentialité |

Contact

How To Configure Squid Proxy Server On Ubuntu 20.04 LTS - LinuxWays

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

How To Configure Squid Proxy Server On Ubuntu 20.04 LTS - LinuxWays

Transféré par

Droits d'auteur :

Formats disponibles

21/09/2021 13:00 How to configure Squid Proxy Server on Ubuntu 20.

Comment configurer le serveur proxy Squid sur

1. Configurer Squid pour écouter sur un autre port Comment

Mazyar sur Comment

$ sudo service squid redémarrage

Configuration du nom d'hôte pour le serveur proxy

Modifiez la configuration de calmar à l'aide de la commande ci-dessous :

$ sudo nano /etc/squid/squid.conf

Ajoutez maintenant l'entrée suivante dans le fichier de configuration en remplaçant

$ sudo service squid restart

Setting Squid cache memory size

Edit the configuration file using the below command:

$ sudo nano /etc/squid/squid.conf

Now, restart the squid service to apply the changes:

$ sudo service squid restart

Specifying DNS name-servers to use

$ sudo nano /etc/squid/squid.conf

Now add the below entry in the configuration file replacing:

dns_nameservers <IP address of DNS server>

dns_nameservers 8.8.8.8 8.8.4.4

Now, restart the squid service to apply the changes:

$ sudo service squid restart

Controlling access to the proxy server

How Squid ACL works

To define ACL, the syntax is:

acl NAME TYPE value

Example: Allow LAN traffic through Squid proxy server

acl myacl src 192.168.5.0/24

http_access allow|deny NAME

http_access allow myacl

Configuring proxy Sources to Access the internet

1. To configure the allowed sources, edit the squid configuration file:

$ sudo nano /etc/squid/squid.conf

2. Now, search for the entry acl localnet src.

acl localnet src subnet_ID/subnet_mask

acl localnet src 192.168.72.0/255.255.255.0

http_access allow localnet

Now save and exit the squid configuration file.

3. Now, restart the squid service using the below command:

$ sudo service squid restart

Denying access to certain websites in Squid

$ sudo nano /etc/squid/deniedsites.acl

$ sudo nano /etc/squid/squid.conf

acl denied_sites dstdomain “/etc/squid/deniedsites.acl”

http_access deny denied_sites

Now, restart the squid service using the below command:

$ sudo service squid restart

Configuring Squid Proxy client Authentication

$ apt install -y apache2-utils

2. Now create passwd file in /etc/squid directory to store passwords:

3. Use the below command to set the ownership to user “proxy”:

$ chown proxy: /etc/squid/passwd

4. Now add a user in the /etc/squid/passwd file:

htpasswd /etc/squid/passwd tin

5. Edit the /etc/squid/squid.conf file using the below command:

$ sudo nano /etc/squid/squid.conf

Now add below lines in the file:

auth_param basic program /usr/lib64/squid/basic_ncsa_auth

auth_param basic realm Squid Basic Authentication

auth_param basic credentialsttl 2 hours

acl auth_users proxy_auth REQUIRED

http_access allow auth_users

Configuring clients to connect through Squid