Squid is a caching proxy server that can provide enhanced performance for HTTP,HTTPS and FTP. Squid will cache commonly accessed sites so that it can improve performance by 10-20% for Internet connections.
Squid is compliant to the Harvest Cache architecture and uses the Inter-Cache Protocol (ICP) to transfer data between peer and /parent/child servers. Squid can accelerate traffic from the inside network to the Internet or it can be employed to act as a front-end accelerator for a Web server, increasing access to the web pages on the server.
Here is what Squid can do:
1.Accelerate Internet Connections for Internal Network
2.Protect the Internal Network When Surfing the Internet
3.Create Detailed Information About User Activity on the Internet
4.Prevent Inappropriate Activity by Users on the Internet
5.Enforce Use by Authorized Users Only
6.Filter Sensitive Material
7.Accelerate Web Server Pages
Live Ubuntu Courses or Online Ubuntu Courses are available.
Squid acts both as a proxy, working in behalf of a user, and as a cache. When squid works as a proxy and a user makes a request for a web site, squid retrieves the web page and then provides it to the user. The user, in reality never reaches the Internet as the proxy server retrieves and caches all the sites the user makes requests for.
Install and Start Squid
Ubuntu now installs squid 2.7 as the default which is focused on high-performance with features aimed at high traffic volume. This is in contrast to the other option squid 3.0 which has a greater focus on web filtering. Be sure that any modifications you make are viewed as version specific.
sudo apt-get install squid
Start / Stop / Restart
Because squid is now integrated with upstart the best way to control squid is using these commands:
start squid
stop squid
restart squid
Important Locations
Once you install Squid, you will need to be familiar with these locations that are important for Squid.
/etc/squid config directory
/etc/squid/squid.conf squid configuration file
/usr/share/doc/squid documentation and examples
/usr/lib/squid support files
/usr/sbin/squid squid daemon
/var/log/squid log directory
/var/spool/squid cache directory
Basic Squid Configuration
The complete configuration file is found at /etc/squid/squid.conf. However, since the Squid configuration file has over 4960 lines it is not the easiest to work with. A basic configuration of Squid only needs one modification, if you are using private networks.
The hostname is automatically discovered by squid, however if you want to set a specific name you can use visible hostname.
visible_hostname myserver
The only line that must be set is to create a http_access variable that will allow users on the internal network to access the Internet. The line should look something like this:
http_access allow localnet
This line needs to be placed in a specific location, included in the example is the line number so it is easier to locate, note that the localhost is configured to work by default.
677 http_access allow localhost
678 http_access allow localnet
This is possible because the default settings now include these three private networks.
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
Once you have set this up restart squid with the following command.
restart squid
squid start/running, process 13551
Here is a tutorial with additional information on Squid ACLs
Point your browsers from those internal machines to the squid proxy. Several points to note about the proxy settings. The default port that you will connect to is 3128 and set squid to use all protocols. Once that is set you should have Internet access.
You will need to configure your firewall. Limit access so that clients can only go through port 3128. This will force them to use the proxy which will provide speed, save resources and protect your internal machines.
Here is an example of allowing an entire subnet.
ufw allow proto tp from 192.168.4.0/24 to any port 3128
{ 8 comments }
Squid was the best choice to experience the proxy concept within my home network. I really had fun playing with it and monitoring the traffic plus driving my family nuts. You know at the end you are the controller
However, I faced a problem with Skype. It didn’t get through the proxy. That was more than a year when I tried this out. I don’t know what is the situation now. But it was really fun. Especially when the proxy is transparent, no body knows what is going on
I’m new to the Linux world and would like to know if a Transparent Squid Installation would allow a laptop that is used outside of my home network, say using a wireless network at Star Bucks or Panera Bread to be protected as if it was in my home network.
The reason that I want to know is that I don’t want to use Windows on my son’s laptop when he starts school. If I install windows we can use safe eyes but that leaves the laptop open to viruses and such…. We don’t want to use Windows due to Linux being faster, more stable and just an all around better computing experience. But I need to know how to block the inappropriate stuff off the laptop…. So any help would be great.
Typically the squid proxy should be on a separate machine, that is what it was built for. If you try to put it on the same machine it will be easier to get around and it will impact functionality.
I get an error while starting squid,
karthick@Ubuntu-desktop:~$ start squid
start: Rejected send message, 1 matched rules; type=”method_call”, sender=”:1.56″ (uid=1000 pid=3239 comm=”start) interface=”com.ubuntu.Upstart0_6.Job” member=”Start” error name=”(unset)” requested_reply=0 destination=”com.ubuntu.Upstart” (uid=0 pid=1 comm=”/sbin/init”))
@Karthick
use sudo start squid
it works;)
karthick@Ubuntu-desktop:~$ sudo start squid
start: Job failed to start
nice it dine on ubuntu 10.04
any replies over @Karthick? I am facing the same problem