Deploying a Squid proxy server on Ubuntu

0x00 Foreword#

Squid is a high-performance caching proxy server, commonly used to deploy HTTP(S) proxy servers. This article summarizes how to deploy an HTTP(S) proxy server with Squid on Ubuntu.

The Ubuntu version used is: Ubuntu 16.04 x64.

0x01 Installation and Configuration#

Install squid using the following command:

apt install squid -y

After installation, the default configuration file squid.conf will be generated in the /etc/squid directory, and some custom modifications are required.

Modify the default port##

In the line http_port 3128, change 3128 to the desired port number, such as 8080, or to an unusual port, to keep the service from being picked up by search engines such as Shodan.

Allow external access##

By default Squid can only be accessed locally, because the default configuration sets http_access allow localhost.

Normally, however, the proxy needs to be reachable from outside, which requires adding the following two lines of configuration:

acl net src 0.0.0.0/0
http_access allow net

This accepts connections from any source address.

Allow CONNECT all ports##

By default, Squid only allows CONNECT to port 443. To allow CONNECT to all ports, comment out the line http_access deny CONNECT !SSL_ports.

Modify safe ports##

Squid's default policy only allows proxying to the following ports:

acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http

As a result, requests to other ports are rejected directly with 403 Forbidden. If you need to access these ports, you can add the following configuration:

acl Safe_ports port 1-1024

Deny access to local services##

Squid allows access to local (localhost) services by default, but it is recommended to uncomment the line #http_access deny to_localhost.

Allow all access##

If you find the steps above too cumbersome and are not concerned about security, you can instead change http_access deny all to http_access allow all.

Set access password##

For security, we usually set a password on the proxy server.

First install the htpasswd tool with the following command:

apt install apache2-utils -y

Create a password file:

htpasswd -c /etc/squid/passwd proxy_username

Add the following content in squid.conf:

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
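
The auth_param line above only tells Squid how to check passwords; no login is required until an http_access rule references a proxy_auth ACL. The following added example (not from the original article) models Squid's first-match http_access evaluation in simplified form, to compare the configuration the steps above produce with one that enforces the password. The ACL name authenticated, the rule placement in AS_WRITTEN and the client address are assumptions.

```python
import ipaddress
# Constructed squid.conf excerpts. AS_WRITTEN applies the article's edits and
# assumes "http_access allow net" was placed above "http_access deny all".
AS_WRITTEN = """
acl SSL_ports port 443
acl Safe_ports port 80 443 1025-65535 1-1024
acl CONNECT method CONNECT
acl net src 0.0.0.0/0
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
http_access deny !Safe_ports
# http_access deny CONNECT !SSL_ports
http_access allow net
http_access deny all
"""
# ENFORCED keeps the default CONNECT rule and admits only authenticated users.
ENFORCED = """
acl SSL_ports port 443
acl Safe_ports port 80 443 1025-65535
acl CONNECT method CONNECT
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
acl authenticated proxy_auth REQUIRED
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow authenticated
http_access deny all
"""

def matches(acls, name, req):
    kind, vals = acls.get(name, (None, []))
    if kind == "src":
        return any(ipaddress.ip_address(req["src"]) in ipaddress.ip_network(v) for v in vals)
    if kind == "port":  # "80" -> (80, 80), "1-1024" -> (1, 1024)
        spans = [tuple(map(int, (v + "-" + v).split("-")[:2])) for v in vals]
        return any(lo <= req["port"] <= hi for lo, hi in spans)
    if kind == "method":
        return req["method"] in vals
    return req["authed"] if kind == "proxy_auth" else name == "all"

def decide(conf, **req):
    acls = {}
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            # ACLs on one line are ANDed; the first line that matches decides
            if all(matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in tok[2:]):
                return tok[1]
    return "deny"  # not reached for these samples, which end in "deny all"
```

With AS_WRITTEN, a client that sends no credentials is allowed both a plain GET and a CONNECT to port 25, because http_access allow net matches before anything asks for a password; with ENFORCED the same requests are denied and only authenticated users get through.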

0x02 Start squid service#

systemctl start squid
