Wireless Army
This is a blog / tips and tricks website for web developers and security researchers.
follow us in feedly


squid proxy server
by admin
 at 2017-09-03 23:05:00.

How to setup a squid proxy server on ubuntu this will cover how to setup the proxy server the how to block sites or pages with special words then how to use a simple authentication that will block ftp or other stuff and only works on http and https (for this you will need to install apache2-utils) first you need to install squid so

apt-get install squid3 squid3-common

the you need to open the file /etc/squid3/squid.conf most of it (98%) is instructions but you can just directly to lines 690 and after, all lines starting with # are comments first you need to specify your subnet info, this example is for a a router that the ip address start with 192.168.1. and subnet mast of 255.255.255.0

acl localnet src 192.168.1.0/24

#this are the ports that you want to allow access you should also specify ssl ports (you can use any port that you want like 21 for ftp)
acl Safe_ports port 80
acl Safe_ports port 443
acl SSL_ports port 443

and then you should allow the connection

http_access allow localnet

and if you want to block any websites

acl block_websites dstdomain .example1.com .example2.com
http_access deny block_websites

or for blocking some words just make a file on /etc/squid3 called words.txt and add all words that you want to be filtered 1 per line

acl words url_regex -i "/etc/squid3/words.txt"
http_access deny words

if you are going to use it only for web browsing, you can add a basic authentication login. first to create a file with the username and password

htpasswd -c /etc/squid3/passwd myusername

the add the fallowing lines to your squid.conf file

auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd
auth_param basic realm any message that you want like login here
#this line will make sure that you don't need to login every 5 minutes
auth_param basic credentialsttl 1 hours

acl server proxy_auth REQUIRED
http_access deny !server
http_access deny all