![]() This proxy can improve the performance and security of your web server by saving requests already made in a cache memory, filtering web traffic and restricting access based on geolocation. In this tutorial you will see how to set up Squid Proxy on a Debian Buster server and how to configure some web browsers to be able to use this proxy. Just run the standard commands to proceed with its installation: $ sudo apt update The Squid package is included in the standard Debian 10 repositories. ![]() Loaded: loaded (/etc/init.d/squid generated)Īctive: active (running) since Wed 18:48:47 PDT 3s ago rvice - LSB: Squid HTTP Proxy version 3.x The resulting output should look like this: To verify its correct functioning, simply type: $ sudo systemctl status squid Once the installation is completed, the proxy will start automatically. To configure Squid Proxy, edit the nf file in the Squid directory with a text editor. Before applying any changes, it is advisable to create a copy of the original configuration to have as a backup. One of the first configurations that can be changed is the one concerning the port on which the proxy is listening, which by default is port 3128. To apply this change, locate the following line in the text file: # Squid normally listens to port 3128īy modifying the two highlighted elements the IP address of the interface and the port on which Squid is listening are changed, respectively.Ī second configuration to interact with is the one concerning access control. In Squid, by default, access is only allowed to the localhost but a list of IP addresses to allow access to can also be specified. To do so, simply create a file containing all the addresses and include it within the Squid configuration. With this command, a text file where to add the authorized IP addresses in your proxy for each line will have been created.Īfter doing so, open the configuration file and enter a new ACL called IPallowed and include the newly created text file. To decide the access protocol to assign to these IP addresses, enter the http_access entry followed by the name of the ACL defined above. # And finally deny all other access to this proxy Īcl IPallowed src "/etc/squid/IPallowed.txt" Normally, the strings should be similar to as follows : #. It is important that the deny all rule is always specified at the end of the other declarations. To deny all requests except those of the previously declared addresses. In case of using nftables instead, use a slightly more complex command to open the ports: $ sudo nft add rule inet filter input tcp dport 3128 ct state new,established counter accept Configuring your browsers to use the proxy In case of using UFW, port 3128 (or the port you have modified) can be opened by enabling the "Squid" profile: $ sudo ufw allow 'Squid' Once the configuration file has been saved, the proxy will have to be restarted to apply the changes: $ sudo systemctl restart squid Configuring Firewall Squid, like firewalls, reads the rules from top to bottom. In this section, you will learn more about how to allow your browsers to use the Squid proxy. These steps are valid for any operating system:.In Firefox, click on the ☰ icon at the top right. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |