Overview
The Squid caching proxy is an excellent, long-established open source project with an active mailing list. Aside from the core proxy and cache functionality, Squid is also great for managing, filtering, and analyzing HTTP and HTTPS accesses. One example is using a content filter to either rewrite or redirect URLs; a typical application is blocking tracking sites and objectionable content, such as porn. If you're interested in this application, you may want to review our article Basic Python Squid Redirector / Rewriter for Content Filtering / Ad blocking for an example implementation.
Install from Source
Squid can be installed on Ubuntu using apt, but we want to experiment with the configuration options and source, so we build it from its repository on GitHub.
Below we clone the Squid repo and build the latest from the beta version 5 branch.
    $ cd /build # this is where we build our code
    $ git clone https://github.com/squid-cache/squid.git squid
    Cloning into 'squid'...
    $ cd squid
    $ git branch -r
      origin/HEAD -> origin/master
      ...
      origin/v3.5
      origin/v4
      origin/v5
    $ git checkout v5
    Branch 'v5' set up to track remote branch 'v5' from 'origin'.
    Switched to a new branch 'v5'
    $ ./bootstrap.sh
    automake (1.16.1) : automake
    autoconf (2.69) : autoconf
    libtool (2.4.6) : libtool
    libtool path : /usr/bin
    Bootstrapping
    parallel-tests: installing 'cfgaux/test-driver'
    Fixing configure recursion
    Autotool bootstrapping complete.
    $ mkdir build; cd build
    $ pwd
    /build/squid/build

Now it's time to configure our build. Note that there are many available configuration options, and a good starting point for exploring them is configure --help.

    $ ../configure --prefix=/opt/squid --with-default-user=squid --enable-ssl --disable-inlined \
        --disable-optimizations --enable-arp-acl --disable-wccp --disable-wccp2 --disable-htcp \
        --enable-delay-pools --enable-linux-netfilter --disable-translation --disable-auto-locale \
        --with-logdir=/opt/squid/log/squid --with-pidfile=/opt/squid/run/squid.pid
    ...
    configure: creating ./config.status
    config.status: creating Makefile
    config.status: creating config.h
    config.status: executing depfiles commands
    config.status: executing libtool commands
Let's build the code and install it to /opt/squid as specified above during configure.

    $ make
    $ make install # no need for sudo since we're installing to our own /opt/squid
    $ ls /opt/squid
    bin etc libexec log run sbin share var
Important Files and Folders
File/Folder | Purpose |
---|---|
etc/squid.conf | Squid configuration file |
log/squid/access.log, log/squid/cache.log | Squid log files |
Squid Runtime Configuration
Change the default configuration by editing etc/squid.conf. Note that the default squid.conf configuration provided by the 5.0 branch may be sufficient for basic testing and use.
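Configure the devices / subnet allowed access. Squid evaluates http_access rules in order and stops at the first match, so the allow line must appear before the final http_access deny all.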
    acl localnet src 192.168.3.0/24
    http_access allow localnet
Find the http_port directive. By default it is set to port 3128. This is the port that Squid will listen on for requests. You will also need to set this port in your browser when you configure the browser's proxy.

    # Squid normally listens to port 3128
    http_port 3128
Now create a squid user and give it permissions to write to various folders under /opt/squid:
    $ sudo adduser squid
    $ mkdir -p /opt/squid/log
    $ sudo chown -R squid:squid /opt/squid/log
    $ sudo chown -R squid:squid /opt/squid/var
    $ sudo chown -R squid:squid /opt/squid/run
Running Squid
Switch to the squid user with su and start Squid:

    $ su squid
    $ /opt/squid/sbin/squid
    $ ps -e | grep squid
    10486 ? 00:00:00 squid
    10501 ? 00:00:00 squid
    $ more /opt/squid/log/squid/cache.log
    2021/06/30 10:42:24 kid1| Set Current Directory to /opt/squid/var/cache/squid
    2021/06/30 10:42:24 kid1| Starting Squid Cache version 5.0.6-VCS for x86_64-pc-linux-gnu...
    2021/06/30 10:42:24 kid1| Service Name: squid
    2021/06/30 10:42:24 kid1| Process ID 98677
    2021/06/30 10:42:24 kid1| Process Roles: worker
    2021/06/30 10:42:24 kid1| With 1024 file descriptors available
    2021/06/30 10:42:24 kid1| Initializing IP Cache...
    2021/06/30 10:42:24 kid1| DNS Socket created at [::], FD 7
    2021/06/30 10:42:24 kid1| DNS Socket created at 0.0.0.0, FD 8
    2021/06/30 10:42:24 kid1| Adding nameserver XX.XX.XX.XX from /etc/resolv.conf
    2021/06/30 10:42:24 kid1| Logfile: opening log daemon:/opt/squid/log/squid/access.log
    2021/06/30 10:42:24 kid1| Logfile Daemon: opening log /opt/squid/log/squid/access.log
    2021/06/30 10:42:24 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
    2021/06/30 10:42:24 kid1| Store logging disabled
    2021/06/30 10:42:24 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
    2021/06/30 10:42:24 kid1| Target number of buckets: 1008
    2021/06/30 10:42:24 kid1| Using 8192 Store buckets
    2021/06/30 10:42:24 kid1| Max Mem size: 262144 KB
    2021/06/30 10:42:24 kid1| Max Swap size: 0 KB
    2021/06/30 10:42:24 kid1| Using Least Load store dir selection
    2021/06/30 10:42:24 kid1| Set Current Directory to /opt/squid/var/cache/squid
    2021/06/30 10:42:24 kid1| Finished loading MIME types and icons.
    2021/06/30 10:42:24 kid1| Squid plugin modules loaded: 0
    2021/06/30 10:42:24 kid1| Adaptation support is off.
    2021/06/30 10:42:24 kid1| Accepting HTTP Socket connections at conn3 local=[::]:3128 remote=[::] FD 11 flags=9
    2021/06/30 10:42:25 kid1| storeLateRelease: released 0 objects
When you make changes to squid.conf, you can run a reconfigure:
    $ /opt/squid/sbin/squid -k reconfigure
Testing Squid
Log into a Linux host, configure use of a proxy on the command line, and perform a GET. Note that below our Squid proxy is running on 192.168.3.75, and we're testing it from 192.168.3.44.

    $ export http_proxy=192.168.3.75:3128
    $
    $ wget http://example.com
    --2021-06-30 10:50:17--  http://example.com/
    Connecting to 192.168.3.75:3128... connected.
    Proxy request sent, awaiting response... 200 OK
    Length: 1256 (1.2K) [text/html]
    Saving to: ‘index.html’
    ...
You can view Squid activity by viewing access.log. If configured for native format, each line will be written as shown below. Further information on the log format can be found here.
1625064617.247 46 192.168.3.20 TCP_MISS/200 1673 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html
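The native-format line above can be split into its ten fields and checked against the localnet ACL configured earlier. The following is an added example, not code from the original article: the field names are our own labels, LOCALNET is copied from the article's ACL, and the second and third sample lines are constructed.

```python
import ipaddress
from datetime import datetime, timezone
from typing import NamedTuple

LOCALNET = ipaddress.ip_network("192.168.3.0/24")  # the article's "localnet" ACL
# Sample input: line 1 is the article's log line, lines 2 and 3 are constructed.
SAMPLE_LOG = """\
1625064617.247 46 192.168.3.20 TCP_MISS/200 1673 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html
1625064630.012 0 10.9.8.7 TCP_DENIED/403 3900 GET http://example.com/ - HIER_NONE/- text/html
1625064641.500 120 192.168.3.44 TCP_TUNNEL/200 5120 CONNECT example.org:443 - HIER_DIRECT/203.0.113.10 -
"""

class Entry(NamedTuple):
    time: datetime     # completion time (UTC)
    elapsed_ms: int    # time Squid spent on the request
    client: str        # client IP address
    result: str        # Squid result code, e.g. TCP_MISS
    status: int        # HTTP status sent to the client
    size: int          # bytes delivered to the client
    method: str
    url: str
    user: str          # "-" when no user name is known
    hierarchy: str     # how the request was forwarded, e.g. HIER_DIRECT
    peer: str          # server or peer address, "-" if none
    mime: str

def parse_line(line):
    f = line.split()
    if len(f) != 10:
        raise ValueError(f"expected 10 fields, got {len(f)}: {line!r}")
    result, _, status = f[3].partition("/")
    hierarchy, _, peer = f[8].partition("/")
    ts = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
    return Entry(ts, int(f[1]), f[2], result, int(status), int(f[4]),
                 f[5], f[6], f[7], hierarchy, peer, f[9])

def review(log_text):
    """Return (client, reason) pairs for entries that deserve a second look."""
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        e = parse_line(line)
        if ipaddress.ip_address(e.client) not in LOCALNET:
            findings.append((e.client, "client outside localnet"))
        if e.result == "TCP_DENIED":
            findings.append((e.client, "request denied by access controls"))
    return findings

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

A client address outside the allowed subnet paired with TCP_DENIED shows the ACL doing its job; the same address with any other result code would mean the proxy is serving hosts it was not meant to.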
There are a lot of very interesting things that you can do with Squid. We plan to expand this article to show some of them (e.g., replacing header fields).
Date: July 30, 2021
Author: jonas