Squid is a caching proxy for the Web. It reduces bandwidth use and improves response time by caching and reusing frequently requested web pages.
Squid has extensive access controls and makes great content-filtering software. Most web browsers available today support proxying and can easily be configured to use a Squid server as their proxy. Once configured, all HTTP requests go through the proxy, and we can use the Squid server's ACL (Access Control List) mechanism to filter them.
- Let’s first install the squid server.
sudo apt-get update && sudo apt-get install squid3
- Take a backup of default configuration.
sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.$(date +%F)
- Remove the default configuration.
sudo rm /etc/squid3/squid.conf
- Create a new configuration.
sudo vi /etc/squid3/squid.conf
Below is a sample configuration. Change the hostname, localnet and cache_dir as per your preference. It allows everything except access to Facebook. Access to Facebook is restricted between 12:30-17:30. My server is running in the UTC timezone, so these timings translate into 6PM-8PM Indian Standard Time.
visible_hostname raspberrypi
#ACL List
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.1.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl allowfacebooktime time SMTWHFA 12:30-14:30
acl facebookdotcom dstdomain .facebook.com
#HTTP ACCESSES
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow facebookdotcom allowfacebooktime
http_access deny facebookdotcom
http_access allow localnet
http_access allow localhost
http_access deny all
#SQUID PORT
http_port 3128
#CACHE DIR LOCATION
cache_dir ufs /media/usbhdd/anantvijay/cache 1000 16 256
Restart the squid service
sudo /etc/init.d/squid3 restart
sudo service squid3 restart
Log file locations
sudo tail -200f /var/log/squid3/cache.log
sudo tail -200f /var/log/squid3/access.log
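To confirm from access.log that the Facebook time rule behaves as configured, the following added example (not part of the original post) flags Facebook requests that were served outside the allowfacebooktime window or denied inside it. It assumes Squid's default native log layout and the 12:30-14:30 UTC window from the sample configuration; the log lines are constructed for illustration.

```python
from datetime import datetime, time, timezone, timedelta
from urllib.parse import urlsplit

# Values taken from the sample squid.conf above (server clock is UTC).
WINDOW_START, WINDOW_END = time(12, 30), time(14, 30)   # acl allowfacebooktime
BLOCKED_SUFFIX = "facebook.com"                          # acl facebookdotcom dstdomain
IST = timezone(timedelta(hours=5, minutes=30))

# Constructed sample lines in Squid's default native access.log layout:
# epoch.ms elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700053200.123    210 192.168.1.20 TCP_MISS/200 5120 GET http://www.facebook.com/ - DIRECT/203.0.113.10 text/html
1700064000.456      1 192.168.1.20 TCP_DENIED/403 3900 GET http://www.facebook.com/ - NONE/- text/html
1700064100.789     95 192.168.1.21 TCP_MISS/200 40000 CONNECT m.facebook.com:443 - DIRECT/203.0.113.11 -
1700064200.000    120 192.168.1.21 TCP_MISS/200 812 GET http://example.org/ - DIRECT/203.0.113.12 text/html
"""

def audit(log_text):
    """Return (utc, ist, client, host, result) for Facebook requests that contradict the policy."""
    findings = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue                      # skip blank or truncated lines
        ts, client, result, method, url = f[0], f[2], f[3], f[5], f[6]
        # HTTPS shows up as "CONNECT host:port"; plain HTTP carries a full URL.
        host = url.rsplit(":", 1)[0] if method == "CONNECT" else (urlsplit(url).hostname or "")
        host = host.lower()
        if not (host == BLOCKED_SUFFIX or host.endswith("." + BLOCKED_SUFFIX)):
            continue                      # not covered by the facebookdotcom ACL
        when = datetime.fromtimestamp(float(ts), tz=timezone.utc)
        # Boundary minutes are treated as inside the window (assumption).
        in_window = WINDOW_START <= when.time() <= WINDOW_END
        denied = result.startswith("TCP_DENIED")
        if denied == in_window:           # denied inside the window, or served outside it
            findings.append((when.strftime("%H:%M"), when.astimezone(IST).strftime("%H:%M"),
                             client, host, result))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print("policy mismatch: %s UTC (%s IST) %s -> %s %s" % row)
```

To audit the real log, pass the contents of /var/log/squid3/access.log to `audit()` instead of `SAMPLE_LOG`.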
We set the proxy server using Internet Explorer even if we are using another browser such as Chrome or Firefox. The reason for doing this is that IE knows the right place to store this setting, and Chrome, Firefox etc. read the proxy settings from that location.
- Open IE, go to ‘Internet Options’, open ‘Connections’ tab
- Provide the IP address and port of your squid proxy server
- If everything is properly set up and you try to access something that is not authorized, the following page will be displayed.