Squid Web Optimization Delivery Proxy Server. Makes website Load faster in the Network
What is Squid?
Squid is a caching and forwarding web proxy. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. There are two big advantages to Squid: it is fast and it is free.
Squid was originally developed as the Harvest object cache. It runs on most available operating systems, including Windows and is licensed under the GNU GPL. Squid is used by hundreds of Internet Providers world-wide to provide their users with the best possible web access. Squid optimises the data flow between client and server to improve performance and caches frequently-used content to save bandwidth.
Thousands of web-sites around the Internet use Squid to drastically increase their content delivery. Squid can reduce your server load and improve delivery speeds to clients. Squid can also be used to deliver content from around the world.
How big of a system do I need to run Squid?
There are no hard-and-fast rules. The most important resource for Squid is physical memory, so put as much in your Squid box as you can. Your processor does not need to be ultra-fast. We recommend buying whatever is economical at the time.
Your disk system will be the major bottleneck, so fast disks are important for high-volume caches. SCSI disks generally perform better than ATA, if you can afford them. Serial ATA (SATA) performs somewhere between the two. Your system disk, and logfile disk can probably be IDE without losing any cache performance.
The ratio of memory-to-disk can be important. We recommend that you have at least 32 MB of RAM for each GB of disk space that you plan to use for caching.
Squid is now developed almost exclusively through volunteer efforts.
Squid Proxy Server Profile
- Packages : squid3-common,squid.
- Service Name: squid
- Default port : 3128
- Config File : /etc/squid/squid.conf
- Log file Path: /var/log/squid
- Environment : Unix, Debian.
In this article, we'll explain how to set up a Squid server and use it as a proxy server on Ubuntu/Debian machines, e.g. Kali Linux.
As a matter of best practice, we'll first update the package lists and upgrade the system.
apt-get update && apt-get upgrade -y
Install Squid Server by Apt-get.
apt-get install squid -y
The Squid server starts downloading required packages.
Squid should start immediately after the installation. If Squid failed to start, follow step 5. Use the following commands to view the command's help, the service status and the installed version.
squid3 -h
systemctl status squid
service squid status
squid3 -v
Squid Cache: Version 3.5.23
Service Name: squid
We have now successfully installed Squid. Enable and start the service.
systemctl enable squid && service squid start
Step 6 Configuration
By default the firewall filters the Squid service port. Squid's default port is 3128, so that is the port we have to allow through the firewall.
Opening ports is a bad idea. It can lead to system compromise by attackers. Think twice before you add the rule.
iptables -A INPUT -p tcp --dport 3128 --jump ACCEPT
iptables-save
We'll use the Nmap tool, otherwise known as the Swiss army knife for hackers, to check whether the port is open.
Configuring the server for the Network Access. By default squid server does not allow any client to get connected.
Open the configuration file, which is located at /etc/squid/squid.conf. Add the following lines to allow network clients.
acl ryan_network_access src 192.168.1.0/24
http_access allow ryan_network_access
Allow only the ports that clients need. To allow ports using an ACL, add the following to the squid.conf file.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
http_access deny !Safe_ports
Block bad sites to restrict which sites other users can reach. Create a new file with vi at /etc/squid/blocksites.acl and enter the sites to block, one pattern per line.
Add the following lines to squid.conf and restart the server. Squid evaluates http_access rules in order and stops at the first match, so these deny lines must come before the http_access allow line for your network.
acl blocksites url_regex "/etc/squid/blocksites.acl"
http_access deny blocksites
Block downloads by file type. Create a new file at /etc/squid/blockdownloads.acl and enter the following patterns, one per line.
\.torrent$
\.mp3.*$
\.mp4.*$
\.3gp.*$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
\.[Ff][Ll][Vv].*$
Include the blocked-sites and blocked-downloads files in the Squid configuration file.
acl blockfiles urlpath_regex "/etc/squid/blockdownloads.acl"
http_access deny blockfiles
There are many more restrictions available, such as time-based access (for example, denying internet access from 10:00 to 19:00 hours) and restricting download speeds.
I'll leave that part to you. Now, back to the client-side configuration. It's very easy to configure the client side as long as the server is configured properly, without any errors.
Go to Client Side
Hit the Windows key and search for Internet Options. Open the Connections tab, click on LAN settings and add the Squid server IP address and the port number, which is 3128.
If you face Internet connection problems, the Windows troubleshooter will tell you what's wrong.
Restart the Squid server one last time, and yes, the website loads faster than before. Everything works as we configured.
Now watch the Squid logs.
/var/log/squid/ is the log file directory.
The logs are a valuable source of information about Squid workloads and performance. The logs record not only access information, but also system configuration errors and resource consumption (e.g. memory, disk space). There are several log files maintained by Squid. Some have to be explicitly activated during compile time, others can safely be deactivated during.
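The script below is an added example, not part of the original article: it reads access.log lines in Squid's default "squid" log format and reports which clients were denied by the ACLs, the cache hit ratio, and any client addresses outside the allowed 192.168.1.0/24 network. The log lines and function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example: summarise a Squid access.log in the default "squid" format:
#   time elapsed client code/status bytes method URL user hierarchy/peer type

# Constructed sample lines (not taken from a real proxy).
sample_log() {
cat <<'EOF'
1700000000.101    120 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/203.0.113.10 text/html
1700000001.202      2 192.168.1.10 TCP_HIT/200 5120 GET http://example.com/ - HIER_NONE/- text/html
1700000002.303      0 192.168.1.11 TCP_DENIED/403 3900 GET http://example.org/file.torrent - HIER_NONE/- text/html
1700000003.404      0 192.168.1.11 TCP_DENIED/403 3900 GET http://example.org/song.mp3 - HIER_NONE/- text/html
1700000004.505      1 192.168.1.12 TCP_MEM_HIT/200 800 GET http://example.com/logo.png - HIER_NONE/- image/png
1700000005.606      0 198.51.100.7 TCP_DENIED/403 3900 CONNECT example.net:443 - HIER_NONE/- text/html
EOF
}

# Denied requests per client, busiest first, printed as "<count> <client>".
denied_by_client() {
    awk '$4 ~ /^TCP_DENIED\// { n[$3]++ }
         END { for (c in n) print n[c], c }' | sort -k1,1nr -k2,2
}

# Whole-number percentage of requests served from cache (any *HIT result code).
hit_ratio() {
    awk '{ total++; split($4, r, "/"); if (r[1] ~ /HIT/) hits++ }
         END { if (total) printf "%d\n", hits * 100 / total; else print 0 }'
}

# Clients whose address does not start with the LAN prefix passed as $1.
# Any hit here means the proxy port is reachable from outside the LAN.
outside_clients() {
    awk -v lan="$1" 'index($3, lan) != 1 { print $3 }' | sort -u
}

echo "Denied requests per client:"
sample_log | denied_by_client
echo "Cache hit ratio (%): $(sample_log | hit_ratio)"
echo "Clients outside 192.168.1.0/24: $(sample_log | outside_clients 192.168.1.)"
```

To run it against the live proxy, feed /var/log/squid/access.log to the functions instead of sample_log.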
Missed out any steps? Are you having issues while configuring? Feel free to ask us. We would like to help you learn something 🙂