Configuring Squid Proxy Server with Restricted Access and Setting Up Clients to Use Proxy

Are you looking to configure a Squid Proxy Server with restricted access and set up clients to use the proxy? Squid is a powerful caching proxy server that provides network performance optimization, security filtering, and access control capabilities for organizations.

What is Squid Proxy Server?

Squid Proxy Server is a popular open-source proxy server that improves network performance and security by caching and filtering web content. It acts as an intermediary between clients and web servers, allowing administrators to control internet access, block specific websites, and monitor network traffic.

Installing Squid Proxy Server

Install Squid Proxy Server on Ubuntu and other Debian-based systems using the following commands:

sudo apt-get update
sudo apt-get install squid

After installation, the Squid service will start automatically. The main configuration file is located at /etc/squid/squid.conf.

Configuring Squid Proxy Server

The configuration involves setting up access controls, content filtering, and caching policies. Always backup the original configuration file before making changes:

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.backup

Restricting Access

Configure access control by defining which clients can use the proxy server. Add these lines to the configuration file:

# Define allowed IP addresses
acl allowed_ips src 192.168.1.0/24
acl allowed_ips src 10.0.0.100

# Access control rules
http_access allow allowed_ips
http_access deny all

Replace the IP addresses with your network range or specific client IPs. The order matters allow rules should come before deny rules.

Filtering Web Content

Block specific websites or domains by creating access control lists (ACLs):

# Define blocked websites
acl blocked_sites dstdomain .facebook.com .twitter.com .youtube.com
acl blocked_keywords url_regex -i gambling casino

# Block access to these sites
http_access deny blocked_sites
http_access deny blocked_keywords

Enabling Caching

Configure caching to improve performance and reduce bandwidth usage:

# Cache directory configuration
cache_dir ufs /var/spool/squid 1000 16 256

# Cache size limits
maximum_object_size 50 MB
minimum_object_size 0 KB

# Cache replacement policy
cache_replacement_policy lru

After making configuration changes, restart the Squid service:

sudo systemctl restart squid
sudo systemctl enable squid

Setting Up Clients to Use Proxy

Configure client devices to route web traffic through the Squid proxy server. The default Squid port is 3128.

Google Chrome Configuration

• Open Chrome and click the three dots in the top right corner

• Select Settings from the dropdown menu

• Click Advanced ? System ? Open proxy settings

• Click LAN settings button

• Check Use a proxy server for your LAN

• Enter proxy server IP address and port 3128

• Click OK to save settings

Mozilla Firefox Configuration

• Open Firefox and click the menu button (three lines)

• Select Settings from the dropdown

• Scroll to Network Settings and click Settings

• Select Manual proxy configuration

• Enter proxy IP address in HTTP Proxy field and port 3128

• Check Use this proxy server for all protocols

• Click OK to apply settings

Automated Client Configuration Script

Use this PowerShell script to configure proxy settings on Windows clients automatically:

# PowerShell script to configure proxy settings
$RegKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
$ProxyServer = "192.168.1.100:3128"

# Enable proxy
Set-ItemProperty -Path $RegKey -Name "ProxyEnable" -Value 1 -Type DWORD
Set-ItemProperty -Path $RegKey -Name "ProxyServer" -Value $ProxyServer -Type String

Write-Host "Proxy configuration applied: $ProxyServer"

Testing Configuration

Verify the proxy server is working correctly by checking the Squid access logs:

sudo tail -f /var/log/squid/access.log

Test client connectivity by browsing to websites and monitoring the log entries. Each successful request should appear in the access log.

Conclusion

Configuring Squid Proxy Server with restricted access provides enhanced network security, improved performance through caching, and granular control over internet access. By implementing proper access controls and client configuration, organizations can effectively manage their network traffic and enforce internet usage policies.