Post

How To Install And Setup Squid Proxy For Private Connections

Posted
By
3 min read
How To Install And Setup Squid Proxy For Private Connections

How to install and setup Squid Proxy for Private Connections

What is Squid Proxy its a free , open-source caching and forwarding web proxy server it improves network performance and network security

What makes a proxy different from a VPN a Proxy will hide your IP same with a VPN but unlike a VPN the proxy normally only works on a specific application or browser while the VPN will hide all traffic data Think of a proxy as a detour for one road, while a VPN is a private tunnel for everything.

Now how to install the Squid Proxy:

1
2

  $ sudo apt update
  $ sudo apt install squid

Squid at this point will start running as a background service
you can check that it is running by using this command: $ systemctl status squid.service

This should be your output: squid.service - Squid Web Proxy Server Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; preset: enabled) Active: active (running) since Wed 2025-04-23 13:47:11 UTC; 9min ago

When you set Squid up by default it should not allow clients to connect outside of the server in order to enable that, you’ll need to make some changes to its configuration file, which is stored in /etc/squid/squid.conf you can open this with Vim or your favorite text editor.

I will also state that this file is very long and most of the options are marked out with a # to enable them just remove this you can also search with ctrl+w and you can press alt+w to find the next instance.

Begin by goint to the line that says http_access deny all. You should see a block of text explaining Squid’s default access rules

Output:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

# And finally deny all other access to this proxy
http_access deny all

#  TAG: adapted_http_access
#       Allowing or Denying access based on defined access lists
#
#       Essentially identical to http_access, but runs after redirectors
#       and ICAP/eCAP adaptation. Allowing access control based on their
#       output.
#
#       If not set then only http_access is used.
#Default:
# Allow, unless rules exist in squid.conf.

Right now we can see that the current behavior – localhost is allowed and the other connections are not. You could change it to allow all allowing anyone to connect to your proxy server, But 99% of the time you don’t want that Instead you should add a line above http_access allow localhost that has your own IP address so you can connect to it

Example:

1
2
3
4
5
6
7
8
9
10

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
include /etc/squid/conf.d/*
# Example rule allowing access from your local networks.
acl localnet src your_ip_address
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
http_access allow localhost

If you don’t know your ip I recommended Ip Chicken it’s my favorite https://www.ipchicken.com/

The next and most important thing is making sure your proxy is secured Most proxies, along with the client-side applications that connect to them (such as web browsers), support various authentication methods. These may involve shared keys, dedicated authentication servers, or, most commonly, standard username and password credentials. So we are going to make a file called /etc/squid/passwords

Next, you’ll need to install some utilities from the Apache project in order to have access to a password generator that Squid likes.

sudo apt install apache2-utils this package includes the htpasswd command and thats what we are going to run to generate passwords.

sudo htpasswd -c /etc/squid/passwords your_squid_username This will store your passwords in /etc/squid/passwords

to view your passwords use sudo cat /etc/squid/passwords make sure your username and password have been stored properly after that we can do the next step

Now we need to restart the Squid by using sudo systemctl restart squid.service

And don’t forget to open port 3128 in your firewall if you’re using ufw: sudo ufw allow 3128

Now make usre you can connnect to Squid by using

curl -v -x http://your_squid_username:your_squid_password@your_server_ip:3128 http://www.google.com/

Thanks you now have a working proxy.

This post is licensed under CC BY 4.0 by the author.

© . Some rights reserved.

Using the Chirpy theme for Jekyll.