I’ll introduce how to build a proxy server using Squid 3.x.
First, install squid.
sudo apt-get update
sudo apt-get install squid
Check the squid version to confirm it’s installed.
$ squid -v
Squid Cache: Version 3.5.12
Service Name: squid
Ubuntu linux
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' 'BUILDCXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,smb_lm' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-build-info=Ubuntu linux' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security'
After installing squid, when I checked the status, it was already running. As expected of squid, fast.
$ service squid status
● squid.service - LSB: Squid HTTP Proxy version 3.x
Loaded: loaded (/etc/init.d/squid; bad; vendor preset: enabled)
Active: active (running) since Sat 2017-02-18 13:39:01 UTC; 28min ago
Docs: man:systemd-sysv-generator(8)
Tasks: 4
Memory: 18.3M
CPU: 461ms
CGroup: /system.slice/squid.service
├─2831 /usr/sbin/squid -YC -f /etc/squid/squid.conf
├─2838 (squid-1) -YC -f /etc/squid/squid.conf
├─2841 (logfile-daemon) /var/log/squid/access.log
└─2866 (pinger)
Feb 18 13:39:01 proxy1 systemd[1]: Starting LSB: Squid HTTP Proxy version 3.x...
Feb 18 13:39:01 proxy1 squid[2788]: * Starting Squid HTTP Proxy squid
Feb 18 13:39:01 proxy1 squid[2788]: ...done.
Feb 18 13:39:01 proxy1 systemd[1]: Started LSB: Squid HTTP Proxy version 3.x.
Feb 18 13:39:01 proxy1 squid[2831]: Squid Parent: will start 1 kids
Feb 18 13:39:01 proxy1 squid[2831]: Squid Parent: (squid-1) process 2838 started
First, backup the default squid.conf file.
sudo cp /etc/squid/squid.conf /etc/squid/squid-origin.conf
Next, edit and add to the configuration file squid.conf as follows:
#http_access deny all
forwarded_for off
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all
reply_header_access X-Forwarded-For deny all
reply_header_access Via deny all
reply_header_access Cache-Control deny all
The diff is as follows:
$ diff /etc/squid/squid-origin.conf /etc/squid/squid.conf
1188a1189,1192
> # Alow my server's host
> acl myhost src xxx.xxx.xxx.xxx/255.255.255.255
> http_access allow myhost
>
1599c1603
< http_port 3128
---
> http_port 13128
5156a5161,5163
> request_header_access X-Forwarded-For deny all
> request_header_access Via deny all
> request_header_access Cache-Control deny all
5507a5515
> visible_hostname myhostname.com
7621a7630
> forwarded_for off
After completing the squid.conf file editing, reload squid to apply the settings and you’re done.
service squid reload
Then, confirm that you can access through the proxy server by some method.
That’s all from the Gemba on building a proxy server with Squid 3.
That’s all from the Gemba.